SSL Wildcard certificate on multiple ip / servers

Discussion in 'Domains, DNS, Email & SSL Certificates' started by upgrade81, May 3, 2018.

  1. upgrade81

    upgrade81 Premium Member

    Hi guys, I want to change my SSL certificate and use a wildcard.
    I was wondering if it was possible to use a wildcard that will manage 1 subdomain "forum" that is, however, located on an IP and server different from the main domain.

    What do you recommend?

    Also, can you tell me who also provides the ECDSA version?
    Thank you
     
  2. eva2000

    eva2000 Administrator Staff Member

    Paid wildcard SSL cert? Comodo supports ECDSA certs; you just need to provide them with an ECDSA 256-bit based CSR file instead of an RSA 2048-bit one. As you're a Centmin Mod Premium user, you also get access to paid SSL certificates through me as I am a reseller. Unfortunately, since Letsencrypt started, the reseller provider I use has raised prices, forcing me to raise mine, so they are no longer competitive as originally intended. So you can get GGSSL Wildcard (basically Comodo branded) from them directly: Wildcard SSL certificates at GoGetSSL.com.

    Examples of the commands used to generate the private key and ECDSA 256-bit CSR file that you provide your SSL provider with are here and here, or use an online tool to generate the CSR and private key: OpenSSL CSR Tool - Create Your CSR Faster | DigiCert.com.

    Yup, possible, and it is the same as normal SSL. It's how this forum is set up: community.centminmod.com on linode with a Comodo SSL wildcard certificate, and centminmod.com runs on a cluster of 16x active + 16x backup VPS GeoDNS clustered servers around the world in London, Singapore, Tokyo, Los Angeles, Seattle, Dallas, New York/New Jersey, Sydney and Melbourne. All subdomains and the main domain use the single Comodo SSL wildcard certificate - you just treat the setup the same as any SSL certificate setup in method 1 outlined below. I literally run hundreds of subdomain based HTTPS sites off the single wildcard SSL certificate - you just need to copy the provided SSL wildcard cert, private key and CSR files and concatenated files to all the servers and their Nginx vhosts that you intend to use with that wildcard SSL certificate :)

    There are generally 3 ways of setting up an HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS:

    Method 1. The traditional way via centmin.sh menu option 2, 22 and selecting yes to self-signed SSL certificates first. Then converting the self-signed SSL certificate to paid or free (Letsencrypt) web browser trusted SSL certificates as outlined at How to switch self-signed SSL certificate to paid SSL certificate ? You would still need to follow the same steps outlined at Nginx SPDY SSL Configuration for obtaining and purchasing the paid SSL certificate, and the most important part is the concatenation of the SSL provider provided files to create the mentioned /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt and /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crt files referenced in your Nginx SSL vhost config file.

    You may also need to decide if you want to enable the HTTP to HTTPS redirect outlined at How to force redirect from HTTP:// to HTTPS:// ?

    If you didn't answer yes at the time of initial nginx vhost creation to self-signed SSL certificates, you can manually set up the self-signed SSL certificate via the vhost generator by checking the self-signed SSL box and entering a domain name. This will outline instructions for manually creating and setting up the self-signed SSL certificate and nginx vhost settings. Then for web browser trusted SSL certificates, to switch, follow - How to switch self-signed SSL certificate to paid SSL certificate ?.

    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon, which is still in beta testing only, for integrating Letsencrypt SSL certificates. It has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.
    Note:
    • For the wordpress auto installer, you actually need to read method 2 to enable LETSENCRYPT_DETECT='y', then run centmin.sh menu option 22, which will detect letsencrypt support and display the additional letsencrypt prompts required to issue free letsencrypt SSL certificates for the wordpress auto installer
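
The ECDSA 256-bit key and wildcard CSR step mentioned in the reply above, plus a check that a private key copied to another server really belongs to the issued certificate, as an added example that is not part of the thread or of Centmin Mod. The function names, `example.com` and the output directory are assumptions, and `-addext` needs OpenSSL 1.1.1 or newer.

```shell
# Added example (not from the thread). example.com and the output directory
# are placeholders; function names are hypothetical.

# make_wildcard_csr DOMAIN OUTDIR -> OUTDIR/wildcard.key and OUTDIR/wildcard.csr
make_wildcard_csr() {
  mkdir -p "$2" || return 1
  # umask 077 in a subshell so the private key is created owner-only (0600)
  ( umask 077
    openssl ecparam -name prime256v1 -genkey -noout -out "$2/wildcard.key" ) || return 1
  # "*.DOMAIN" does not match the bare DOMAIN, so the SAN requests both names
  openssl req -new -sha256 -key "$2/wildcard.key" -out "$2/wildcard.csr" \
    -subj "/CN=*.$1" -addext "subjectAltName=DNS:*.$1,DNS:$1"
}

# csr_is_p256_wildcard CSR DOMAIN: true if the CSR carries a P-256 key and
# a SAN entry for *.DOMAIN
csr_is_p256_wildcard() {
  csr_text=$(openssl req -in "$1" -noout -text) || return 1
  printf '%s\n' "$csr_text" | grep -q 'ASN1 OID: prime256v1' &&
    printf '%s\n' "$csr_text" | grep -qF "DNS:*.$2"
}

# pubkey_fp KIND FILE: SHA-256 of the DER-encoded public key.
# KIND is key, csr or cert. Fails if the file cannot be parsed.
pubkey_fp() {
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# key_matches KEYFILE KIND FILE: true only if both files parse and the
# private key's public half equals the public key in the CSR or certificate
key_matches() {
  fp_a=$(pubkey_fp key "$1") && fp_b=$(pubkey_fp "$2" "$3") &&
    [ "$fp_a" = "$fp_b" ]
}
```

Running `key_matches` on each server after copying the files catches a mismatched or stale key before Nginx is reloaded.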