Join the community today
Register Now

SSL Domains subdomain and ssl

Discussion in 'Domains, DNS, Email & SSL Certificates' started by adamus007p, Aug 9, 2019.

  1. adamus007p

    adamus007p Premium Member Premium Member

    61
    4
    8
    Feb 8, 2019
    Ratings:
    +5
    Local Time:
    9:28 PM
    Hello,

    How to add a ssl for subdommain.


    I have addess a domain.com and I want to add a subdomain us.domain.com.

    How to add SSL with letsencrypt to subdomain??
     
  2. eva2000

    eva2000 Administrator Staff Member

    41,080
    9,189
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,098
    Local Time:
    5:28 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Any reason posting all the questions in private forum ? You'd get more eyeballs from other users who can also help answer your more general questions and provide insight ;)

    adding letsencrypt for subdomain site is same as for domain site, just when prompted for domain name on centmin.sh menu option 2 or 22, enter the subdomain.domain.com rather than domain.com
     
  3. adamus007p

    adamus007p Premium Member Premium Member

    61
    4
    8
    Feb 8, 2019
    Ratings:
    +5
    Local Time:
    9:28 PM
    I want to use domain.com for geoDNS and for example us.domain.com/backoffice to login to certain server.
    It is a way to add just an alias maybe not a subdomain as separate website?

    If you think I can repost this in forum or please move this topic.
     
  4. eva2000

    eva2000 Administrator Staff Member

    41,080
    9,189
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,098
    Local Time:
    5:28 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    You currently can't automate parking one HTTPS SSL cert enabled domain (yourparkeddomain.com) or subdomain on top of another HTTPS SSL cert enabled domain (domain.com) as you need for each domain to have it's own SSL certificate reference and Centmin Mod 123.09beta01 can only do one domain Letsencrypt SSL certificate issuance per centmin.sh menu option 2, 22 or nv command runs. See below instructions for Parked HTTPS SSL Domains.

    Parked HTTPS SSL Domains



    Parked domains meaning different domains and/or subdomains all point to same IP address and site content when accessed in a web browser. These methods outlined below are NOT for multiple domains pointing to different site/content.

    As there's no way to automate such you have 2 manual methods available

    Manual Method 1 - Do manual Nginx vhost creation via the underlying acme.sh client. If you have not yet created any of the intended domains/nginx vhosts, you can use addons/acmetool.sh directly via SANS Multi-Domain SSL Certificates method. Otherwise, if some or all intended domains/nginx vhosts have already been created then use manual method as discussed in steps in this post here and here.

    Manual Method 2 - create a domain Nginx HTTPS vhost site for each domain.

    It would be a manual process which involves creating the parked domain's own Nginx HTTPS SSL cert enabled vhost via centmin.sh menu option 2 or nv command and setting it up with valid working DNS A records for domain's www and non-www versions if main domain or DNS A for subdomain and ensure it's working and select letsencrypt option with live default HTTPS SSL cert and then editing it's nginx config file at /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf and then just changing root path to your origin domain's root

    in /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf change it's default public web root path from
    Code (Text):
    root /home/nginx/domains/yourparkeddomain.com/public

    to
    Code (Text):
    root /home/nginx/domains/domain.com/public

    which now matches the public web root for domain.com nginx vhost listed in domain.com nginx vhost config file at /usr/local/nginx/conf/conf.d/domain.com.ssl.conf

    now both yourparkeddomain.com and domain.com public web root paths point to /home/nginx/domains/domain.com/public so access via the domains will serve files located in /home/nginx/domains/domain.com/public. It does mean that any configurations you manually setup in /usr/local/nginx/conf/conf.d/domain.com.ssl.conf need to be replicated in /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf.

    you can use common include file templates you set to make it easier i.e. if in both /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf and /usr/local/nginx/conf/conf.d/domain.com.ssl.conf you have a custom location content like
    Code (Text):
    location /test {
      include /usr/local/nginx/conf/php.conf;
      try_files $uri $uri/ /index.php
    }

    you could place that location /test context into a custom template file you create at /home/nginx/domains/domain.com/common_includes.conf and reference it in both /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf and /usr/local/nginx/conf/conf.d/domain.com.ssl.conf as
    Code (Text):
    include /home/nginx/domains/domain.com/common_includes.conf;

    Final note in origin domain's nginx vhost at /usr/local/nginx/conf/conf.d/domain.com.ssl.conf also add canonical header to ensure search engines visiting domain.com know content is originally at domain.com to prevent search engines from flagging yourparkeddomain.com content as duplicated content.
    Code (Text):
    add_header Link "<http://domain.com$request_uri>; rel=\"canonical\"";
    

    i.e. placing the header just below existing add_header entries in default nginx vhost config for HTTPS SSL domains
    Code (Text):
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      add_header Link "<http://domain.com$request_uri>; rel=\"canonical\"";
    

    then restart nginx and php-fpm services
    Code (Text):
    nprestart

    To confirm just run curl command in SSH against your domain i.e. curl headers and grep filter for word canonical
    Code (Text):
    curl -sI https://domain.com | grep canonical
    

    output would be something like
    Code (Text):
    curl -sI https://domain.com | grep canonical
    Link: <http://domain.com/>; rel="canonical"
    
     
  5. adamus007p

    adamus007p Premium Member Premium Member

    61
    4
    8
    Feb 8, 2019
    Ratings:
    +5
    Local Time:
    9:28 PM
    Maybe I will write the exact case so you may advise me how to do it.

    I use geoDNS and amazon. I have a two shops on the same domain lets say domain.com

    One shop is on EU the second one in USA.

    To connect to USA server I need to use VPN or add ip to hosts file.
    To bypass this I have created a subdomain us.domain.com and US IP as A DNS entry and now using this subdomain I can connect directly to US VPS (US shop).

    Now i want to move other VPS to centminmode. At the moment I use Virtualmin and I have alias of the sever (us.domain.com) and above method works. (us.domain.com/backoffice)

    The question is how to do it with Centminmode? how to add this subdomain to be like an alias?

    Thank you in advance for help.
     
  6. eva2000

    eva2000 Administrator Staff Member

    41,080
    9,189
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,098
    Local Time:
    5:28 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    you'd use method 1's highlighted in bold part links via manual acme.sh commands
     
  7. adamus007p

    adamus007p Premium Member Premium Member

    61
    4
    8
    Feb 8, 2019
    Ratings:
    +5
    Local Time:
    9:28 PM
    • Like Like x 1