Subdomains and certificates

sparek

Perhaps this point has been brought up somewhere and I missed it. I did a search and found some older threads, I think 2017 being the latest one I've seen. And it seems to indicate that this is not possible.

So apparently you can't add a secure certificate to a "subdomain" in DirectAdmin? Is that correct?

(For context, "subdomain" here is referring to the Dashboard -> Sub-Domains Setup area)

The work-around I saw in the forum search was to create the subdomain as a "domain" in the user's panel, then you can add a certificate to this "domain".

(i.e. Dashboard -> Domain management -> Add New)

If this is the solution, I don't really have a problem with it. I just wanted to make sure that information was correct.

I do wonder though... everyone that migrated their servers from cPanel to DirectAdmin, did any of your subdomains on cPanel have certificates and now are they working on DirectAdmin?

The line between addon domains, subdomains, and parked domains has really been blurred. I really wouldn't mind an industry-wide shift into recognizing all of these titles as just "addon" domains or "additional" domains, whatever you want to call them.

A parked domain (alias) is just a domain name that shares the same DocumentRoot as its parent domain name.

A subdomain is just a domain name that leeches part of its name from its parent domain name, and probably has its own DocumentRoot.

An addon (additional) domain is just a different domain name that uses its own DocumentRoot.

All three operate within the same user space as the parent domain (i.e. the same Linux username space... what I refer to as the account).

All three of these can be clumped into one entity that takes two parameters... the domain name (or the subdomain, if you want to use a name that leeches off of its parent) and the DocumentRoot (as it exists on the file system) to point to.
 
Sure, you can have a certificate on a subdomain. There are three ways to do it:

1: You just need to include the subdomains in the parent domain's certificate. In Enhanced just go to the domain, then to "SSL Certificates", then select "Free & automatic certificate from Let's Encrypt", then look under the heading "Let's Encrypt Certificate Entries". Under that heading all subdomains you have created under this domain will be listed; you can then select them so that they will be included in the certificate.

2: Just create the subdomain as a regular domain, then install a certificate on it the same way as on any other domain.

3: Install a Let's Encrypt wildcard certificate, then all subdomains will have a valid certificate.
 
1: You just need to include the subdomains in the parent domain's certificate. In Enhanced just go to the domain, then to "SSL Certificates", then select "Free & automatic certificate from Let's Encrypt", then look under the heading "Let's Encrypt Certificate Entries". Under that heading all subdomains you have created under this domain will be listed; you can then select them so that they will be included in the certificate.

While technically true, I suppose... this is messy. Every time you add a new subdomain, you have to reissue the certificate to include the full list of domains and subdomains. I just don't like doing this. That's a personal opinion, though.

But this also doesn't work when you purchase a certificate. If you purchase a certificate for the main domain name, you often can't add additional SANs to those certificates very easily if at all (and at an additional cost). Of course, I suppose this begs the question... "Why are you purchasing a secure certificate?" and that definitely has its own merits.

2: Just create the subdomain as a regular domain, then install a certificate on it the same way as on any other domain.

This basically steps on what I was referring to in my post. Personally for me... I'd prefer to just see the entire namespace of "subdomains", "parked domains", "domain aliases", "addon domains", "extra domains" just completely blown up and just refer to these under one umbrella name. For example, if "Subdomain Management" wasn't even an option in the panel, people would have to use Domain Setup to create "subdomains". In fact, this is something I'm seriously considering removing from our own offering - but I'm a bit concerned about how this will affect subdomain transfers from cPanel... I'll have to travel down that fork in the road a bit later.

This isn't just a DirectAdmin thing. This is something I think the entire control panel/web hosting industry should get behind. It just simplifies things so much more - unless there's something I'm missing. What is the disadvantage to setting up subdomains as domains in this manner vs. using the Subdomain Management system?

3: Install a Let's Encrypt wildcard certificate, then all subdomains will have a valid certificate.


This is similar to the first option. You still can't install a specific certificate for the subdomain. If the parent domain name has a purchased certificate (maybe an EV certificate) then you still can't install a wildcard certificate while keeping the purchased certificate present.



The second option I think is the best solution and it's the solution I came across with my search. But it's still not without its potential issues. Ideally cPanel (DirectAdmin cannot dictate cPanel policy) and other control panels would drop subdomains and domain aliases and parked domains, and then the issue of 1:1 transfer from cPanel (or other control panels) to DirectAdmin would be easier.

I was mostly just wondering if my interpretation of this issue with subdomains was correct and I believe you have confirmed that it is.
 
SSL Let's Encrypt for Multisite WooCommerce

Hello,

I don't know if this is the right place for my question, but I'll try ;).

We want to build a WordPress WooCommerce multisite with domains like sample1.website.com. The problem is, the subdomains are not visible in DirectAdmin Subdomain Management; this is arranged in MySQL (phpMyAdmin). Because no subfolders show up in DirectAdmin, we can't install Let's Encrypt for all subdomains. Is there a solution for this problem? They said we need to use a Let's Encrypt wildcard, but how can we install this?

Thanks!
Regards, Elmar

Note: sorry for my bad English...:eek:
 
The feature documentation is here.

First, make sure that your wildcard DNS record resolves to the server IP:

Code:
dig a +short '*.DOMAIN.TLD'

You'll want to make sure that you've properly configured wildcard subdomains in your webserver, too:

https://help.directadmin.com/item.php?id=127

Next, if you are using the DA GUI, you will log in as the user, select the domain in the drop-down if they have multiple domains, then go to the tab to install 'Free & automatic Certificates with Let's Encrypt'. Do you see a checkbox for the wildcard SSL there next to the common name entry? If not, you need to run this command as root:

Code:
/usr/local/directadmin/directadmin set dns_ttl 1 restart

Now, go back to the interface and reload it. Do you see the option now?

You could also use the API CMD_API_SSL via curl to send the request, too (replace all of the capitalized content in the data string below and the IP with your data):

Code:
curl -k --request POST --user 'USERNAME:PASSWORD' --data 'type=create&request=letsencrypt&name=DOMAIN.TLD&keysize=4096&encryption=sha256&wildcard=yes&domain=DOMAIN.TLD&json=yes&action=save&background=auto&le_wc_select0=*.DOMAIN.TLD&le_wc_select1=DOMAIN.TLD' https://1.2.3.4:2222/CMD_API_SSL
 
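A wildcard entry such as `*.DOMAIN.TLD` covers exactly one label below the domain, so it matches neither the bare domain nor deeper names, and a certificate needs both entries from the request above to serve the bare domain as well. The shell example below is added here and is not from the original posts or DirectAdmin; its function names are hypothetical and the SAN lists are constructed. It checks a hostname against a certificate's SAN entries under that rule.

```shell
#!/bin/sh
# Added example: does a certificate's SAN list cover a given hostname?
# Rule applied: a "*." entry stands for exactly one left-most label.

# san_matches HOST SAN -> exit 0 when the SAN entry covers HOST
san_matches() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    san=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$san" in
        '*.'*)
            suffix=${san#\*}                        # ".website.com"
            label=${host%"$suffix"}                 # text left of the suffix
            [ "$label" != "$host" ] || return 1     # suffix absent (e.g. the apex)
            [ -n "$label" ] || return 1             # nothing in front of the dot
            case "$label" in *.*) return 1 ;; esac  # two or more labels deep
            return 0 ;;
        *)  [ "$host" = "$san" ] ;;
    esac
}

# cert_covers HOST SAN... -> prints the first SAN that covers HOST, exit 1 if none
cert_covers() {
    target=$1; shift
    for entry in "$@"; do
        if san_matches "$target" "$entry"; then
            printf '%s\n' "$entry"
            return 0
        fi
    done
    return 1
}

# live_sans HOST [PORT] -> DNS SANs of the certificate the server presents.
# Needs network access and OpenSSL 1.1.1+; the demo below does not call it.
live_sans() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -ext subjectAltName |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Constructed SAN lists (hostnames follow the multisite question in the thread).
for name in sample1.website.com website.com shop.sample1.website.com; do
    only=$(cert_covers "$name" '*.website.com') || only=none
    both=$(cert_covers "$name" '*.website.com' website.com) || both=none
    echo "$name  wildcard-only: $only  wildcard+apex: $both"
done
```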
I don't know if this is the right place for my question, but I'll try ;).

I'm not really sure I'm understanding what you are wanting to do.

But I would propose that DirectAdmin completely remove the Subdomain Management panel link (which actually... server administrators can remove themselves if they want to).

If you want to create a "subdomain", i.e. sample1.website.com, sample2.website.com, etc., use the Domain Setup link in the user's panel and use the Add New button. Then where it says Domain - enter sample1.website.com or sample2.website.com. This will create sample1.website.com as its own VirtualHost and you'll be able to install a secure certificate for it.

Because secure certificates seem to be everywhere now, not being able to install a secure certificate on a subdomain created through the Subdomain Management link would seem to be problematic. But rather than "fix" that issue, just consolidate it into the Domain Setup link... that would seem to be an easier solution.
 