Alias, Letsencrypt and Wildcard Certificates

Hello All,

Once an avid user of Webmin, I’m now back to Virtualmin after years. Thanks a lot for such a great solution.

System Information:

Operating system: Ubuntu Linux 20.04.3 (Ubuntu Pro actually)
Webmin version: 1.973
Usermin version: 1.823
Virtualmin version: 6.16
Hosted at: AWS EC2
DNS: External Service
Emails: External Service

I’m hosting a site under the domain xyz.tld. We create aliases as subdomains, e.g. a.xyz.tld, b.xyz.tld, c.xyz.tld, etc., that point to the same webroot as xyz.tld.

Now the thing that I’m stuck with. I’m using an external DNS provider and thus I cannot generate a Let’s Encrypt wildcard certificate from Virtualmin’s interface. I disabled automatic requesting of Let’s Encrypt certificates through Virtualmin’s configuration. Then I created a wildcard certificate manually using certbot for the domains xyz.tld and *.xyz.tld. I updated the cert and key using Virtualmin’s Update Certificate and Key interface. Things went great: the certificate got recognised and the site came up with the correct certificate.

But when I created an alias, a.xyz.tld, as an alias of xyz.tld, Virtualmin automatically requested Let’s Encrypt to include a.xyz.tld in the xyz.tld cert. This shouldn’t happen when I’ve already disabled auto-requesting of Let’s Encrypt certs. Additionally, it isn’t recognising the wildcard certificate.

Things seem pretty straightforward, but it seems I’m missing something in the process. It would be really great if someone could enlighten me.

Thanks in advance.

Hello All,

After looking and testing various options, I edited the sub-server template. Under Website for domain > Directives and settings for new websites:


```apache
ServerName ${DOM}
ServerAlias www.${DOM}

# Document root of the main virtual server (placeholder path)
DocumentRoot /DocumentRoot/Of/Main/Virtual/Server

ErrorLog /var/log/virtualmin/${DOM}_error_log
CustomLog /var/log/virtualmin/${DOM}_access_log combined
ScriptAlias /cgi-bin/ ${HOME}/cgi-bin/
DirectoryIndex index.php index.htm index.html

# Same placeholder path as DocumentRoot above; <Directory> takes an absolute path
<Directory /DocumentRoot/Of/Main/Virtual/Server>
    Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
<Directory ${HOME}/cgi-bin>
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
```

This loaded the Main Virtual Server site and picked up the wildcard cert.

Is this the way to go, or could it be improved upon while keeping performance and security in view?

Thanks in advance.
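Added example, not part of the original posts or of Virtualmin: a small check of which alias hostnames the manually issued certificate (xyz.tld and *.xyz.tld) actually covers, using the usual one-label wildcard rule. The function names are illustrative and the SAN text is a constructed sample of what `openssl x509 -noout -ext subjectAltName` prints (the `-ext` option assumes OpenSSL 1.1.1 or later).

```python
# Constructed sample: the subjectAltName output of
#   openssl x509 -in cert.pem -noout -ext subjectAltName
# for a certificate issued for xyz.tld and *.xyz.tld (names from the post).
SAMPLE_SAN_OUTPUT = """X509v3 Subject Alternative Name:
    DNS:xyz.tld, DNS:*.xyz.tld
"""


def parse_san_dns_names(openssl_text):
    """Extract the DNS entries from openssl's subjectAltName output."""
    names = []
    for line in openssl_text.splitlines():
        for item in line.split(","):
            item = item.strip()
            if item.startswith("DNS:"):
                names.append(item[4:].strip().lower().rstrip("."))
    return names


def san_matches(pattern, hostname):
    """True if one SAN entry covers hostname.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.xyz.tld covers a.xyz.tld but neither
    xyz.tld nor a.b.xyz.tld.
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    pat_labels = pattern.lower().rstrip(".").split(".")
    if len(host_labels) != len(pat_labels) or "" in host_labels:
        return False
    if pat_labels[0] == "*":
        # Require at least two fixed labels so "*.tld" never matches.
        return len(pat_labels) >= 3 and pat_labels[1:] == host_labels[1:]
    return pat_labels == host_labels


def uncovered(hostnames, san_names):
    """Return the hostnames that no SAN entry covers."""
    return [h for h in hostnames
            if not any(san_matches(p, h) for p in san_names)]


if __name__ == "__main__":
    sans = parse_san_dns_names(SAMPLE_SAN_OUTPUT)
    wanted = ["xyz.tld", "www.xyz.tld", "a.xyz.tld", "a.b.xyz.tld"]
    print("SAN entries:", sans)
    print("Not covered:", uncovered(wanted, sans))
```

Any hostname reported as not covered would need its own certificate entry; single-level aliases such as a.xyz.tld are already served by the wildcard.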
