This has always (well... since secure certificates for everything became a thing) been my argument against "pointers" or "domain aliases" and for just treating every domain name as an "addon" domain with its own VirtualHost container.
It makes the issuance of secure certificates easier and that much more straightforward.
By having multiple domain names attached to the SANs of a certificate, the automated process that renews the certificate is going to have to figure out which of the domain names resolve to the server before that issuance, because the domains that no longer resolve to the server will fail DCV for the certificate, and if one fails, then the certificate will not get issued.
If an "addon" domain has its own VirtualHost container - but shares the DocumentRoot with another domain - this effectively becomes a "pointer" or "domain alias" with the caveat that it has its own secure certificate. If that domain stops resolving to the server (for whatever reason) that certificate is just skipped when it comes time to renew it. Its resolution status has no bearing on the certificates for the other domain names (with their own VirtualHost) on the account or "pointing" to the same DocumentRoot.
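The renewal behaviour described in the post above, as an added example that is not part of the original post: a pre-renewal check that marks a certificate renewable only if every name in its SANs still resolves to the server. The domain names, IP addresses, `plan_renewals` and the sample resolver are constructed for illustration, and the check assumes DCV requires the name to resolve to this server, as the post states.

```python
import socket

def resolve_ips(name):
    """Return the set of addresses for name (empty set if it does not resolve)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)}
    except socket.gaierror:
        return set()

def plan_renewals(certs, server_ips, resolver=resolve_ips):
    """certs maps a certificate label to the list of names in its SANs.

    A certificate is renewable only if every SAN still resolves to this
    server, because one failed DCV check blocks issuance of the whole cert.
    Returns {label: {"renew": bool, "stale": [names no longer pointing here]}}.
    """
    server_ips = set(server_ips)
    plan = {}
    for label, names in certs.items():
        stale = [n for n in names if not (resolver(n) & server_ips)]
        plan[label] = {"renew": not stale, "stale": stale}
    return plan

# Constructed sample data: documentation IP ranges and example domains.
SERVER_IPS = {"203.0.113.10"}
SAMPLE_DNS = {
    "example.com": {"203.0.113.10"},
    "www.example.com": {"203.0.113.10"},
    "alias-example.net": {"198.51.100.7"},  # now points at another host
}

def sample_resolver(name):
    """Offline stand-in for DNS so the example runs without network access."""
    return SAMPLE_DNS.get(name, set())

# Layout 1: the alias shares one certificate (and VirtualHost) with the main domain.
ALIAS_LAYOUT = {"example.com": ["example.com", "www.example.com", "alias-example.net"]}
# Layout 2: the alias is an addon domain with its own VirtualHost and certificate.
ADDON_LAYOUT = {
    "example.com": ["example.com", "www.example.com"],
    "alias-example.net": ["alias-example.net"],
}

if __name__ == "__main__":
    for title, layout in (("alias", ALIAS_LAYOUT), ("addon", ADDON_LAYOUT)):
        for label, result in plan_renewals(layout, SERVER_IPS, sample_resolver).items():
            print(title, label, result)
```

With the alias layout the stale name blocks the only certificate; with the addon layout only the stale domain's own certificate is skipped and `example.com` still renews.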