Best Price/Service for *.domain.com SSL Cert? LetsEncrypt Won't Work on My Server

After installing Varnish and using Apache to forward all traffic on port 80 to 443, I can't get LetsEncrypt to work anymore. My current Cert is good until September. I need to find a commercial replacement by then. Before LetsEncrypt, I used to use cheapssls to buy certs, but only for the root domain. I'd like to buy a cert that covers all subdomains for a reasonable price - this isn't an ecommerce store, so I don't need all the extra guarantees. Any suggestions?

Comments

  • AluminatAluminat Member
    edited June 2017

    Free. No guarantees at all ;-)

    http://assl.loovit.net/

    Otherwise you can go with gogetssl. GGSSL from 55$/yrs

    https://www.gogetssl.com/ggssl/wildcard-ssl/

    Thanked by 1MTUser2012
  • +1 for both

    Thanked by 1MTUser2012
  • mlimli Member

    How about adding something like this to your port 80 virtual host config to make Let's Encrypt work:

    https://pastebin.com/mkzD0WyS

    I had to use pastebin since CloudFlare seems to think that I'm trying to do some sort of SQL injection.

    Thanked by 1MTUser2012
  • I'll check them both out. Thanks for the suggestion. Lowest I saw was over $100 at cheapssl, which means it ain't that cheap.

    @Aluminat said:
    Free. No guarantees at all ;-)

    http://assl.loovit.net/

    Otherwise you can go with gogetssl. GGSSL from 55$/yrs

    https://www.gogetssl.com/ggssl/wildcard-ssl/

  • Thank you for the suggestion. It would be great if this problem was solved. But, I didn't do the changeover myself, a contractor did. He describes the error like this:

    The problem is letsencrypt creates links based on port 80, but the links don't get fetched properly through varnish resulting in an error.

    @mli said:
    How about adding something like this to your port 80 virtual host config to make Let's Encrypt work:

    https://pastebin.com/mkzD0WyS

    I had to use pastebin since CloudFlare seems to think that I'm trying to do some sort of SQL injection.

  • Have you tried an online Let's Encrypt generator? All you need to do is verify the domain and you can download the certificate.

    Another option is to use the Cloudflare certificate.

    Both options are free.

    Thanked by 1MTUser2012
  • bapbap Member

    @yokowasis said:
    Have you tried an online Let's Encrypt generator? All you need to do is verify the domain and you can download the certificate.

    Since there are many sites offering this service, which one have you tried?
    And how to renew the cert?

    Thanked by 1MTUser2012
  • @bap said:

    @yokowasis said:
    Have you tried an online Let's Encrypt generator? All you need to do is verify the domain and you can download the certificate.

    Since there are many sites offering this service, which one have you tried?
    And how to renew the cert?

    sslforfree.com renewal notification mail is sent to account's email.

    Thanked by 2MTUser2012 bap
  • Are all certificates automatically wildcards? In other words, if I just list my domain www.domainname.com, will it work with mail.domainname.com? I see the box to add additional domains is huge. Alternatively, do you list *.domainname.com to get one that covers all potential subdomains?

    @Aluminat said:
    Free. No guarantees at all ;-)

    http://assl.loovit.net/

    Otherwise you can go with gogetssl. GGSSL from 55$/yrs

    https://www.gogetssl.com/ggssl/wildcard-ssl/

  • MTUser2012 said: Alternatively, do you list *.domainname.com to get one that covers all potential subdomains?

    Yes. You must list *.domainname.com to order all subdomains.

    Thanked by 1MTUser2012
  • wwabbitwwabbit Member
    edited June 2017

    MTUser2012 said: Thank you for the suggestion. It would be great if this problem was solved. But, I didn't do the changeover myself, a contractor did. He describes the error like this:

    The problem is letsencrypt creates links based on port 80, but the links don't get fetched properly through varnish resulting in an error.

    Fire your contractor. Someone who knows what he's doing will be able to figure out how to resolve the letsencrypt issue.

    Hint: Run apache on ports 80, 8080 and 443. Port 80 checks for /.well-known/acme-challenge and serves accordingly, otherwise redirect to port 443. Port 443 proxies to varnish running on a different port (e.g. 8000). Run your application on port 8080, and have varnish proxy back to apache on that port.
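
The layout from wwabbit's hint above, sketched as an Apache 2.4 configuration (an added example, not part of the original thread and not a config anyone posted). The hostname www.example.com, the challenge webroot /var/www/letsencrypt, the certificate paths and the application DocumentRoot are assumptions; ports 80, 443, 8080 and 8000 follow the hint.

```apache
# Needs mod_ssl, mod_rewrite, mod_alias, mod_proxy, mod_proxy_http, mod_headers.
# Omit any Listen line that the main config already declares.
Listen 80
Listen 443
# The backend port is only for Varnish, so bind it to loopback (assumption).
Listen 127.0.0.1:8080

# Port 80: answer ACME HTTP-01 challenges from disk, redirect the rest to HTTPS.
<VirtualHost *:80>
    ServerName www.example.com
    # Assumed webroot that the ACME client writes challenge files into.
    Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
    <Directory /var/www/letsencrypt/.well-known/acme-challenge/>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    RewriteEngine On
    # Everything except the challenge path is sent to HTTPS.
    # A fixed hostname is used so the Host header is not reflected into the redirect.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
</VirtualHost>

# Port 443: terminate TLS and hand requests to Varnish on 127.0.0.1:8000.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    # Assumed certificate locations.
    SSLCertificateFile    /etc/ssl/example/fullchain.pem
    SSLCertificateKeyFile /etc/ssl/example/privkey.pem

    ProxyPreserveHost On
    # Tell the application that the original request arrived over HTTPS.
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>

# Port 8080: the application itself; Varnish uses 127.0.0.1:8080 as its backend.
<VirtualHost 127.0.0.1:8080>
    ServerName www.example.com
    DocumentRoot /var/www/app
</VirtualHost>
```

With this layout the ACME client has to run in webroot mode against the assumed /var/www/letsencrypt directory, so that it writes challenge files there instead of trying to bind port 80 itself.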

  • rocketrocket Member

    GoGetSSL always worked great for me, they give longer renewals each time too.

  • dj1812dj1812 Member

    You should choose ssl2buy.com, wildcard certificate available at $38 per year - https://www.ssl2buy.com/wildcard-ssl-certificate

    Good experience and very convenient for me. Highly appreciate!!

  • Very interesting. I can pass this along to him (I believe in giving people second chances, he has worked hard, generally seems to know what he is doing and isn't charging me an arm and a leg) He is constrained by one more thing that I didn't post previously. I am command line impaired - I can get around with simple tasks, but prefer to use a GUI. My GUI of choice is Virtualmin. My project specified that Varnish had to work properly with https using some proxy to forward traffic to port 443, and it had to work with Virtualmin. He chose Apache as the proxy, and it does work in Virtualmin, but not LetsEncrypt.

    BTW, this is a step up from the first contractor in my opinion who appeared to design some Rube Goldberg system where my site was http, but appeared to be https.

    @wwabbit said:
    Fire your contractor. Someone who knows what he's doing will be able to figure out how to resolve the letsencrypt issue.

    Hint: Run apache on ports 80, 8080 and 443. Port 80 checks for /.well-known/acme-challenge and serves accordingly, otherwise redirect to port 443. Port 443 proxies to varnish running on a different port (e.g. 8000). Run your application on port 8080, and have varnish proxy back to apache on that port.

  • perennateperennate Member, Host Rep
    edited June 2017

    Depending on what you use for DNS, validating the domain for Let's Encrypt via DNS might also be an option. https://serverfault.com/questions/750902/how-to-use-lets-encrypt-dns-challenge-validation has some pointers. If anything at https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks (including godaddy/namecheap/namesilo) matches your DNS hosting, then it should be pretty straightforward to setup (you would be using dehydrated as the Let's Encrypt client instead of certbot), otherwise it's probably not worth it since you'd have to write your own hook.

  • StevenNStevenN Member, Host Rep

    We provide free wildcard SSL's with all our vps plans.

  • VMbox said: We provide free wildcard SSL's with all our vps plans.

    Why are you spamming your free wildcard ssl which is the same as http://assl.loovit.com/ without paying a penny. People only need SSL not combo vps + ssl.

  • @bap said:

    @yokowasis said:
    Have you tried an online Let's Encrypt generator? All you need to do is verify the domain and you can download the certificate.

    Since there are many sites offering this service, which one have you tried?
    And how to renew the cert?

    Well, when I am googling free ssl. The easiest of the list is sslforfree.com. I use this site for generating ssl certificate whenever for some reason I can't get the Let's Encrypt module to work. Apart from verifying your domain, either by dns record or uploading file or filling in the ftp details, the certificate is generated easily.

    @MTUser2012 said:
    Are all certificates automatically wildcards? In other words, if I just list my domain www.domainname.com, will it work with mail.domainname.com? I see the box to add additional domains is huge. Alternatively, do you list *.domainname.com to get one that covers all potential subdomains?

    @Aluminat said:
    Free. No guarantees at all ;-)

    http://assl.loovit.net/

    Otherwise you can go with gogetssl. GGSSL from 55$/yrs

    https://www.gogetssl.com/ggssl/wildcard-ssl/

    Let's Encrypt doesn't support wildcard certificates. If you want to use a wildcard certificate I think you need to pay.

  • @MTUser2012 said:
    Very interesting. I can pass this along to him (I believe in giving people second chances, he has worked hard, generally seems to know what he is doing and isn't charging me an arm and a leg) He is constrained by one more thing that I didn't post previously. I am command line impaired - I can get around with simple tasks, but prefer to use a GUI. My GUI of choice is Virtualmin. My project specified that Varnish had to work properly with https using some proxy to forward traffic to port 443, and it had to work with Virtualmin. He chose Apache as the proxy, and it does work in Virtualmin, but not LetsEncrypt.

    BTW, this is a step up from the first contractor in my opinion who appeared to design some Rube Goldberg system where my site was http, but appeared to be https.

    @wwabbit said:
    Fire your contractor. Someone who knows what he's doing will be able to figure out how to resolve the letsencrypt issue.

    Hint: Run apache on ports 80, 8080 and 443. Port 80 checks for /.well-known/acme-challenge and serves accordingly, otherwise redirect to port 443. Port 443 proxies to varnish running on a different port (e.g. 8000). Run your application on port 8080, and have varnish proxy back to apache on that port.

    I too just tried Virtualmin a few days ago. And I too can't get Let's Encrypt to work. Forget Let's Encrypt, I even uploaded my ssl certificate manually, yet my server refuses to serve anything over ssl. And then I think, screw Virtualmin. I will just use Kloxo-MR. It has fancy icons like CPanel, and moreover Let's Encrypt works.

    Disclaimer : your mileage may vary

  • @AaronSmith said:
    You can get Comodo Positive SSL Wildcard Certificate at discounted price $51.33 per year at cheapsslshop.com, I really impressed with their outstanding SSL installation support!!

    Why is this site spamming all SSL threads?
