Each has a dedicated (public) IP address and are actual subdomains/sub servers with their own document routes, and Apache is set for IP virtual host.
Previously I hadn’t used subservers at all and everything under .name.com/ was the same IP and the same SSL cert which simply had name.com and *.name.com.
So my question: when the subdomains are set up like this, am I still able to use one certificate to cover them all? Or do/should I have them each separate (I thought I remembered seeing somewhere that SSL certs were IP-specific on virtual hosts but I can’t recall).
Sub-servers have their own VirtualHost, and thus should have their own certificates. There is no easy way to validate a server and a sub-server for the same certificate using web validation, since they don’t share public_html dirs.
Only DNS validation would work for that scenario (and DNS validation is not generally recommended, since folks already have a lot of trouble with DNS, in the general case, when not managing it in Virtualmin…and often even when they are).
Wildcards would also work, but a wildcard is not recommended for a variety of reasons including some pretty serious security implications, and wildcards also can only be validated via DNS validation.
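The coverage question in this answer, as an added example that is not part of the thread or of Virtualmin: it checks which virtual host names a certificate's SAN list covers, using the usual rule that `*` stands for exactly one left-most label. Every hostname other than name.com, and all function names, are constructed for illustration.

```python
# Added example. Hostnames and SAN lists below are constructed sample data.

def san_matches(pattern: str, host: str) -> bool:
    """True if a certificate SAN entry covers host.

    '*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.name.com' covers 'shop.name.com' but neither
    'name.com' nor 'api.shop.name.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Conservative choice made for this example: two fixed labels after '*'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def valid_for(sans, names):
    """Names (e.g. every ServerName on the box) that this SAN list covers."""
    return sorted(n for n in names if any(san_matches(s, n) for s in sans))

def audit(vhosts):
    """vhosts maps ServerName -> SAN list of the cert that vhost presents.
    Returns the names whose own certificate does not cover them."""
    return sorted(n for n, sans in vhosts.items() if not valid_for(sans, [n]))

SHARED = ["name.com", "*.name.com"]          # one cert reused everywhere
VHOSTS = {
    "name.com": SHARED,
    "shop.name.com": SHARED,
    "api.shop.name.com": SHARED,             # two labels deep: not covered
    "blog.name.com": ["blog.name.com"],      # its own certificate
    "mail.name.com": ["www.name.com"],       # wrong certificate assigned
}

if __name__ == "__main__":
    print("not covered by their cert:", audit(VHOSTS))
    print("shared cert is valid for: ", valid_for(SHARED, VHOSTS))
```

The second result lists every name the shared certificate's key is accepted for, which is the set of sites affected if that one key is exposed.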
Awesome, thanks. Kinda what I’d assumed to be the case, just wanted to be sure.
Separately, is there any harm in changing the “default” server’s doc root to line up with the rest under /home/me/domains (in regards to all; the nameserver, subdomains, and other domains). So instead of
If I’m root, I very much prefer to have separate domains (one virtual server per website).
The reason is isolation. Every new virtual server in Virtualmin is a new user. Sub-servers are owned by an existing virtual server.
If you separate them, you get some security benefits (each site runs under its own home, with its own database user, etc.), some maintenance benefits (isolated sites are easier/faster to back up, easier to split up to multiple servers, if you need to do that for scaling or staged migrations), at the cost of maybe a little less convenience (ssh/FTP will require you to use a different user for each domain).