HTTPS Redirect from non-secure server gives Error Message in Browser - email

Decided to move from a shared hosting platform to an AWS-based hosting environment (Acquia Cloud specifically). This environment doesn't offer e-mail services, so the client kept the shared hosting to continue using that for email (they didn't want to spend the extra $2400 per year for G Suite email hosting).
In order to achieve this, we worked with the new host to use the shared site as a pass through so that the emails still go there, and the web traffic goes to the new server.
The nameservers go to the shared host. We have a DNS CNAME for www.example.com pointed to the new AWS server and the A record pointed at the shared host. It was the only way to keep the email running. When we pointed the A record at the new server, that's when email went down. This was the suggestion from the hosting company.
So now if they go to http://example.com, https://www.example.com, http://www.example.com or www.example.com it all works fine, no problem. However, if they go to https://example.com they get an error in the browser.
When we moved to the new host, the SSL certificate went with it. This causes some search engine issues. I have an .htaccess redirect set up, but it still gives that error.
This is what myself and both hosting companies could best come up with, and it's not a great solution.
Is there a solution other than:
Carrying an SSL Certificate for both accounts
Moving email to a 3rd party provider like gmail
If there isn't we are going to go with one of these options, but I figured I'd ask first.

The only issue here is that your certificate does not have example.com in its SAN (Subject Alternative Name). By default you should get this in your SAN, but a few CAs don't include it unless you tell them. Kindly find the image for your reference. If you have Windows, just save your certificate file in .crt or .cer format to view the SAN.
Otherwise, if you have a Linux OS and the certificate is installed on the server, you can use the command below (the -servername flag sends SNI so a multi-site server returns the right certificate, and </dev/null closes the connection once the handshake is done):
openssl s_client -connect website.com:443 -servername website.com </dev/null 2>/dev/null | openssl x509 -noout -text | grep DNS
It will list the SAN entries.

Related

Multiple wildcard domains on same subscription with Plesk Obsidian

I'm using Plesk Obsidian and I need to host an application on it (a website builder).
In this application, users can create websites on subdomains, and the application determines which website to show by checking the subdomain. Multiple main domains are available:
website1.domain1.com
website2.domain2.com
website3.domain3.com
All the main domains (domain1.com, domain2.com and domain3.com) and also all the subdomains must:
Go to the same directory on the server
Be secured by an SSL certificate
Also, as users can have a custom domain, I need to be able to add it, point it to the same directory on the server and get an SSL certificate for it.
I've tried creating a service plan and a subscription and added the first domain (domain1.com) to it.
For the other domains, I've added aliases (domain2.com and domain3.com).
The problem is that I can't add the wildcard for those 2 domains, and I can't get a wildcard SSL certificate for them either.
So accessing anything.domain2.com results in a NET::ERR_CERT_COMMON_NAME_INVALID error.
For the other domains set as aliases, the SSL certificate needs to be regenerated each time we add a new domain, and they're bound to the main domain...
If it's not possible through the Plesk interface, I'm not against building a custom script launched from the command line.
However, I don't know where I can put those custom-generated virtual hosts without risking them being erased on a Plesk update.
You can set up a wildcard SSL certificate as long as you use a CA that admits wildcards in the SAN (which nowadays is almost all of them).
Concretely, if you want free certificates issued by Let's Encrypt, you just need to follow these steps:
Log in to Plesk
Install the Plesk extensions SSL It! and Let's Encrypt
Go to Domains > domain1.com > Hosting Settings
Make sure SSL/TLS support is enabled
Go to Domains > domain1.com > SSL/TLS Certificates
Click on Install > More options > Install a free basic certificate provided by Let's Encrypt
Explicitly select Secure the wildcard domain
Click on Get it free
Do the same for the rest of the domains.
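Both of the questions above (the https://example.com error after the move, and the NET::ERR_CERT_COMMON_NAME_INVALID on anything.domain2.com) come down to one check: is the hostname in the URL covered by a DNS entry in the certificate's Subject Alternative Name, and if that entry is a wildcard, does the wildcard actually reach that name? The script below is an added example, not code from either post or from Plesk or Acquia, and uses only the Python standard library. fetch_dns_names() reads the SAN from a live server the same way the openssl one-liner in the first answer does, dns_names_from_peercert() pulls the DNS entries out of the dict that ssl gives back, and hostname_matches() applies the rules browsers use (RFC 6125 / RFC 2818: case-insensitive, wildcard only as the whole left-most label, one label per wildcard, Common Name ignored). The function names are mine; the SAN lists at the bottom are constructed sample data built from the hostnames in the two questions, not real certificates.

```python
"""Which hostnames does a certificate's SAN actually cover? (added example)"""
import socket
import ssl
from urllib.parse import urlsplit


def dns_names_from_peercert(cert: dict) -> list:
    """Extract the DNS entries from the dict shape SSLSocket.getpeercert() returns.

    The dict looks like {"subjectAltName": (("DNS", "www.example.com"), ...)}.
    Non-DNS entries (IP addresses, e-mail) are ignored on purpose.
    """
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def fetch_dns_names(host: str, port: int = 443) -> list:
    """Connect with SNI and return the DNS names in the live leaf certificate's SAN.

    Chain verification stays on, because getpeercert() only returns the parsed
    dict for a verified chain. Hostname checking is turned off because we want
    the SAN list precisely in the case where the name does NOT match.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return dns_names_from_peercert(tls.getpeercert())


def hostname_matches(hostname: str, san_dns_names) -> bool:
    """Browser-style matching of a hostname against the certificate's DNS SANs.

    - comparison is case-insensitive and ignores a trailing dot
    - a wildcard is honoured only as the complete left-most label ("*.example.com")
    - "*" stands for exactly one label: "*.example.com" covers www.example.com
      but neither example.com (the apex) nor a.b.example.com
    - the Common Name plays no part; current browsers only look at the SAN
    """
    host = hostname.lower().rstrip(".")
    for name in san_dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]  # "*.example.com" -> ".example.com"
            if host.endswith(suffix):
                label = host[: -len(suffix)]
                if label and "." not in label:
                    return True
    return False


def uncovered_urls(urls, san_dns_names) -> list:
    """Return the URLs whose host would trigger a name-mismatch error."""
    return [u for u in urls if not hostname_matches(urlsplit(u).hostname, san_dns_names)]


# Constructed sample data mirroring the two questions (not real certificates).
MOVED_SITE_SAN = ["www.example.com"]                  # what moved to the new host
FIXED_SITE_SAN = ["www.example.com", "example.com"]   # what the cert needs
WILDCARD_SAN = ["*.domain2.com"]                      # Plesk wildcard alone
WILDCARD_PLUS_APEX_SAN = ["domain2.com", "*.domain2.com"]

if __name__ == "__main__":
    urls = ["https://example.com", "https://www.example.com"]
    print("mismatch with the moved cert:", uncovered_urls(urls, MOVED_SITE_SAN))
    print("mismatch after adding apex  :", uncovered_urls(urls, FIXED_SITE_SAN))
    for h in ["domain2.com", "anything.domain2.com", "a.b.domain2.com"]:
        print(f"{h:22} wildcard only: {hostname_matches(h, WILDCARD_SAN)!s:5}"
              f"  wildcard + apex: {hostname_matches(h, WILDCARD_PLUS_APEX_SAN)}")
    # For a live check, e.g. fetch_dns_names("www.example.com"), then feed the
    # result to uncovered_urls() with the URLs your redirects produce.
```

Run it offline and the output shows the two failure modes in the questions: with the SAN the moved certificate has, https://example.com is the only uncovered URL, and a bare *.domain2.com wildcard covers anything.domain2.com but not domain2.com itself, so the Let's Encrypt request in Plesk needs the apex as well as the wildcard.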

Are/can SSL certificates be specific to the service (e.g. a server uses a different certificate for HTTPS than for SMTP/TLS)?

I can't work out a definitive answer on this, but from searching I found two links which seem to indicate that a server (in this case MS Exchange, as per the links) can have different certificates in place for HTTPS than for secure SMTP/TLS.
http://technet.microsoft.com/en-GB/library/bb851505(v=exchg.80).aspx
https://www.sslshopper.com/article-how-to-use-ssl-certificates-with-exchange-2007.html
I have an issue which no one has been able to help with here, and this question is a follow-on, in that I am coming to the suspicion that my first problem is that my machine trusts the HTTPS certificate but not the one being used for SMTP/TLS. But what I'm asking now is: is that even possible?
Going through the diagnostic steps here shows me that the certificates in use when I access my mail server's web interface through HTTPS are fully trusted. However, when I look at the debug output of my C# process, it shows a completely different certificate, issued by one of our servers to itself (the server on which Exchange is installed).
So... does anyone know if I am thinking along the right lines? Is it possible that when I make an HTTPS connection I get one certificate and when I use the .NET SMTP client I get a completely different certificate (from exactly the same address, but I assume a different port)?
Is it possible that when I make an HTTPS connection I get one certificate and when I use the .NET SMTP client I get a completely different certificate (from exactly the same address, but I assume a different port)?
Yes, you can have a different certificate for each listening socket on the machine; that is, SMTP and HTTPS can use different certificates. On a machine with multiple hostnames you could even have multiple different certificates on a single socket, distinguished by the hostname (using SNI).
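To see what the answer describes on a real host, the added script below (not part of the original question or answer, and not Exchange or .NET code; Python standard library only) fetches the leaf certificate the same machine presents to three kinds of client: an HTTPS client sending SNI, an HTTPS client sending no SNI (which gets whatever the default virtual host on that socket serves), and an SMTP client after the STARTTLS upgrade. Each certificate is reduced to its SHA-256 fingerprint so a glance tells you whether web and mail hand out the same certificate. The hostname mail.example.com and the submission port 587 are placeholders; use 25 if that is where your server offers STARTTLS. Verification is deliberately off in the inspection context, because the whole point is to see the untrusted self-signed certificate rather than have the library reject it; that context is for inspection only, never for real traffic.

```python
"""Compare the leaf certificate a host presents on HTTPS and on SMTP/STARTTLS (added example)."""
import hashlib
import smtplib
import socket
import ssl


def sha256_fingerprint(der: bytes) -> str:
    """Lower-case hex SHA-256 of the DER certificate (the thumbprint browsers display)."""
    return hashlib.sha256(der).hexdigest()


def inspection_context() -> ssl.SSLContext:
    """Context that records the peer certificate without rejecting it.

    Verification is disabled on purpose so the self-signed certificate a
    mail server hands out can be looked at. Do not reuse this for real mail.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def leaf_cert_https(host: str, port: int = 443, sni: bool = True) -> bytes:
    """TLS-on-connect as a browser does it. With sni=False the server never
    learns the hostname and answers with its default certificate for that port."""
    ctx = inspection_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host if sni else None) as tls:
            return tls.getpeercert(binary_form=True)


def leaf_cert_smtp_starttls(host: str, port: int = 587) -> bytes:
    """SMTP as the .NET SmtpClient does it: plain connection, EHLO, STARTTLS, then TLS.
    After starttls() smtplib swaps its socket for the wrapped SSLSocket."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=inspection_context())
        return smtp.sock.getpeercert(binary_form=True)


def compare_services(host: str, smtp_port: int = 587) -> dict:
    """Fingerprint of the leaf certificate seen by each kind of client."""
    return {
        "https (SNI)":    sha256_fingerprint(leaf_cert_https(host)),
        "https (no SNI)": sha256_fingerprint(leaf_cert_https(host, sni=False)),
        "smtp starttls":  sha256_fingerprint(leaf_cert_smtp_starttls(host, smtp_port)),
    }


def all_identical(fingerprints: dict) -> bool:
    """True only when every service presented the very same certificate."""
    return len(set(fingerprints.values())) == 1


if __name__ == "__main__":
    import sys
    # Placeholder host; pass your own on the command line.
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    fps = compare_services(host)
    for service, fp in fps.items():
        print(f"{service:15} {fp}")
    print("same certificate on every service:", all_identical(fps))
```

If the "smtp starttls" fingerprint differs from the "https (SNI)" one, the mail listener has its own certificate, which is exactly the situation the question suspects: a client that trusts the web certificate has no reason to trust the SMTP one. A difference between "https (SNI)" and "https (no SNI)" shows the second mechanism the answer mentions, several certificates on one socket selected by hostname.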

SSL Cert on Separate Email Server and Web Hosting Server?

I am working with a client who needs SSL on their email and website.
We have their site hosted on a Rackspace Cloud Site (WordPress, so Apache and all that jazz).
From what I can tell, their email is on an IIS server of their own.
They want to take this SSL cert they bought through GoDaddy and apply it to this email server and to the site on our hosting server. Now, I am only a web developer with enough server knowledge to get sites launched and running, but I don't think you can apply the same SSL cert on two different types of servers.
What would the solution be for this?
Would you purchase a second SSL cert? Is that even possible?
Sorry if this is all completely wrong; I am trying to use my limited knowledge of SSL to describe the situation.
I'm pretty sure you can use the same certificate on two servers as long as they are both using the same domain. You don't need to purchase a second SSL cert. The tricky part might be if the two servers require different certificate file formats.
Also, just do the CSR part on ONE of the servers (use the one you trust the most). On the other server, just install the certificate, bypassing the CSR part.

One SSL certificate for each subdomain and root redirection

I am setting up a secure website with two subdomains:
https://www.domain.com
https://xxx.domain.com
I have acquired two SSL certificates, one for each subdomain (standard installation using nginx). I have also set up the root https://domain.com to simply redirect to https://www.domain.com.
Most of the time, this setup works fine. However, for some browsers (notably IE8 and Android), when accessing https://xxx.domain.com I get a certificate error, where the browser shows the certificate info for https://www.domain.com.
I suspect these browsers fetch the certificate from the root domain, which then redirects to https://www.domain.com, and hence the mismatch problem.
Can anyone advise on how to deal with this situation? Is buying a wildcard certificate the sole solution?
Thanks
If you're using the same IP address for both, then yes, some sort of multiple-name cert is the only practical solution at this point. Alternatively, if you run the xxx site on a different IP address, things should be okay.
This shouldn't be an issue for just IE and Android, though. I'm not sure what's up with that.
(Hmmm ... maybe this should be on serverfault).

How do I update the "Secure URL" on a quiz I made so that users can view it again?

The quiz can't be viewed by any other users, unless the "Secure URL" is updated. But I can't figure out how to do that.
This simply means you must have an SSL certificate on the domain that hosts your Canvas page. I would recommend RapidSSL.
Here is a general overview of what this entails: http://webnet77.com/SSL-certificates.html
Here is what we do:
get yourself a hosting account with a dedicated IP, or better, a Linux dedicated server
ask your host to generate a Certificate Signing Request, or do it yourself using openssl (I don't know how to do it on Windows)
get a cheap SSL certificate (like RapidSSL), 9.90 per year or something, just domain validation; google it
send them your CSR
wait like 10 minutes
find your cert in your inbox attached
install it according to your server (Apache uses mod_ssl)
test it