Solved subdomain using hostname ssl cert instead of domain cert

kdub

New member
Joined
Apr 29, 2021
Messages
3
I followed this guide to add ssl to my hostname srv1.kdubhost.com and force redirect. This works properly with exception that only srv1.kdubhost.com:2222 redirects to https but not srv1.kdubhost.com. Which is a separate issue from this one here.

I then created a user with domain kdubhost.com and generated letsencrypt ssl via account manger->>ssl certificates->>lets encrypt as per the screenshot.

I made sure ssl and force redirect are enabled in account manager->>domain setup as per screenshot.

I verified the certificate generated for kdubhost.com includes the checked subdomains ie mail, ftp, smtp, etc

kdubhost.com redirects properly and uses the proper cert. However, mail.kdubhost.com does not auto redirect to https and https://mail.kdubhost.com is attempting to use the srv1.kdubhost.com cert which of course throws a warning in chrome.

I'm assuming this is happening to all kdubhost.com subdomains but have not confirmed.

What did I do wrong? is the only way to fix this to manually edit virthost file? Or maybe I need to generate a single ssl cert that includes all subdomains including the hostname instead of following the guide? Thanks.
 

Attachments

  • g3CSY0oi18.png
    g3CSY0oi18.png
    37.5 KB · Views: 75
  • gnPqIPDruW.png
    gnPqIPDruW.png
    19.4 KB · Views: 80
Never mind. Turns out this is expected behavior. For whatever reason I had it in my mind that mail.kdubhost.com would present roundcube login. Looking at the DNS MX record, it shows mail which obviously means it's meant to use with mail clients and not serve webpages.

I tested with hello.kdubhost.com. Redirect worked and proper cert was served. Just remember to regenerate the ssl cert after a new subdomain is created.

I can't seem to edit the original post or title. Apologies for any inconvenience.
 
Apologies for any inconvenience.
No problem at all.
You will be able to edit older posts later on. You only have 3 posts now. After a couple more you will become a validated member and then you can edit older posts when/if needed.
 
Back
Top