[BlueOnyx:24476] Re: Letsencrypt only works for admserv

Michael Stauber mstauber at blueonyx.it
Mon Nov 9 17:36:40 -05 2020


Hi Martin,

> After that, I have created multiple Virtual Sites, and when I go to SSL
> settings for these sites "Enable SSL" is blocked out (no checkbox)

When a Vsite does not have an SSL certificate yet, then you cannot
enable SSL.

To remedy that, either ...

- Import a certificate
- Create a self-signed certificate via the GUI
- Create a Let's Encrypt cert via the GUI.

Once a certificate (and key) are present, SSL can be enabled.

> If I try to access any site by https - I will get the certificate for
> the admsrv (same as port 81).

Yes. Whenever a Vsite has no SSL and you access the Vsite via HTTPS, the
AdmServ cert is used instead.

> If a site has "Web server aliases defined" - letsencrypt will not work
> - unless one removes them from "SSL domain aliases" in the request,
> and doesn't matter if "Web Alias Redirects" is turned on or not.

That is not correct. A Vsite can have aliases when an LE cert is
requested. Ideally you should request the LE cert for all aliases as
well. In THAT case LE will turn "Web Alias Redirects" off briefly in
order to have the cert issuing API be able to connect not only to the
FQDN of the Vsite, but also all aliases.

For this to work all domain names and aliases included in the LE
certificate request must have working DNS A records AND must be
reachable from the outside.

Otherwise the LE certificate request will fail and no LE certificate
will be issued.

-- 
With best regards

Michael Stauber
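
Added example, not part of the message above and not BlueOnyx code: a pre-flight check that classifies the Vsite FQDN and every alias before they go into the LE request, so names without a working A record can be fixed or dropped first. The function names, the `public_ip` parameter (assumed to be the address the outside world uses for this server) and the sample names are assumptions made for illustration.

```python
import socket

def resolve_a(name):
    """IPv4 addresses for name via the system resolver (/etc/hosts counts too)."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def preflight(fqdn, aliases, public_ip, resolver=resolve_a):
    """Classify each name that would be included in the certificate request.

    "ok"        : an A record points at public_ip (assumed: this server's address)
    "no-a"      : no A record, the request would fail with this name included
    "elsewhere" : resolves, but to another host, so the CA would not reach this box
    A passing result does not prove outside reachability (firewall, NAT).
    """
    report = {}
    for name in [fqdn, *aliases]:
        name = name.strip().rstrip(".").lower()   # normalise, drop trailing dot
        if not name or name in report:            # skip blanks and duplicates
            continue
        addrs = resolver(name)
        if not addrs:
            report[name] = "no-a"
        elif public_ip in addrs:
            report[name] = "ok"
        else:
            report[name] = "elsewhere"
    return report

if __name__ == "__main__":
    # Constructed sample data: example.com names and documentation-range IPs.
    fake_dns = {
        "www.example.com": ["203.0.113.10"],
        "example.com": ["203.0.113.10"],
        "old.example.com": ["198.51.100.7"],
    }
    report = preflight("www.example.com",
                       ["example.com", "old.example.com", "typo.example.com"],
                       "203.0.113.10",
                       resolver=lambda n: fake_dns.get(n, []))
    for name, status in report.items():
        print(f"{name:20} {status}")
```

Run it with the default resolver from a machine outside the server's own network to get the same view of DNS that the issuing side has.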


