Letsencrypt + Multiple Vhosts Question

Discussion in 'Domains, DNS, Email & SSL Certificates' started by diy, Jan 22, 2019.

  1. diy

    diy Member

    Hi,

    I just set up a 2nd VPS dev server for some integration work. I have a freshly updated v123.09beta01 install that I need to configure for three Vhosts as follows: domain.com, sub1.domain.com, sub2.domain.com.

    DNS records are fully configured for each with all three pointed to the same IP. Each Vhost will contain a separate and unique website sharing the same IP, but none will share the same webroot.

    My question is:
    Is there a way to create and configure all three Vhosts to share a single Letsencrypt (default HTTPS only) cert? Or must a live cert be issued for each domain/subdomain independently?


    The reason I am asking is because once this project is completed, the client intends to submit an HSTS Preload request for browser inclusion, i.e.:

    Code:
    Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
    That header looks pretty risky to me since the three sites will interact with shared assets and data, but I've been assured that there will be no third-party content or assets ever called.

    These are the custom_config.inc entries that I have entered so far:

    Code:
    LETSENCRYPT_DETECT='y'
    DUALCERTS='y'
    KEYLENGTH='ec-256'
    Are those sufficient?

    Thanks for your help,
     
  2. eva2000

    eva2000 Administrator Staff Member

    For Centmin Mod Nginx Letsencrypt = yes, separately, as wildcard isn't supported.
    HSTS has nothing to do with 3rd party assets. There is no risk, as HSTS just tells web browsers to only contact and allow connection to the HTTPS version of the domain visited and disallow non-HTTPS connections. 3rd party non-HTTPS assets just don't load due to mixed-content issues and not because of HSTS, while the rest of your HTTPS domain loads. If all 3 domains/subdomains have valid HTTPS and Letsencrypt-issued SSL certificates, then that satisfies the HSTS requirement.

    Yes, if set in the persistent config file at /etc/centminmod/custom_config.inc PRIOR to creating nginx vhosts via centmin.sh menu option 2, 22 or nv commands.
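As an added example (not Centmin Mod's code and not from either poster), here is a small Python checker for the Strict-Transport-Security header diy posted: it parses the header value per RFC 6797 and lists why it would be rejected for preload submission, then runs that check over a constructed set of the three vhosts, since with includeSubDomains every host under domain.com is held to the same policy. The preload thresholds (max-age of at least one year, includeSubDomains, preload) are the hstspreload.org submission rules; the hostnames and header values are constructed.

```python
import re

ONE_YEAR = 31536000  # smallest max-age the preload list accepts

def parse_sts(header):
    """Parse an STS header value into {lower-cased directive: value}.
    RFC 6797: ';'-separated, names case-insensitive (so 'includeSubdomains'
    as written in the thread is fine); a repeated directive -> None (invalid)."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            return None
        directives[name] = value.strip().strip('"')
    return directives

def preload_problems(header):
    """List reasons the header would fail preload submission ([] if eligible)."""
    d = parse_sts(header)
    if d is None:
        return ["duplicate directive"]
    problems = []
    max_age = d.get("max-age")
    if max_age is None or not re.fullmatch(r"\d+", max_age):
        problems.append("max-age missing or not an integer")
    elif int(max_age) < ONE_YEAR:
        problems.append("max-age below one year (%d)" % ONE_YEAR)
    if "includesubdomains" not in d:
        problems.append("includeSubDomains missing")
    if "preload" not in d:
        problems.append("preload missing")
    return problems

def check_vhosts(headers_by_host):
    """Map each vhost to its problems; a host sending no STS header fails outright."""
    return {host: preload_problems(h) if h else ["no Strict-Transport-Security header"]
            for host, h in headers_by_host.items()}

# Constructed sample: the thread's header on the apex and sub1, a weak one on sub2.
SAMPLE = {
    "domain.com": "max-age=31536000; includeSubdomains; preload",
    "sub1.domain.com": "max-age=31536000; includeSubdomains; preload",
    "sub2.domain.com": "max-age=300",
}
```

Calling check_vhosts(SAMPLE) flags sub2.domain.com on all three counts; against a real deployment, feed it the live response header of each vhost instead of the constructed values.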
     
  3. diy

    diy Member