Best Price/Service for *.domain.com SSL Cert? LetsEncrypt Won't Work on My Server
MTUser2012
Member
in Help
After installing Varnish and using Apache to forward all traffic on port 80 to 443, I can't get LetsEncrypt to work anymore. My current Cert is good until September. I need to find a commercial replacement by then. Before LetsEncrypt, I used to use cheapssls to buy certs, but only for the root domain. I'd like to buy a cert that covers all subdomains for a reasonable price - this isn't an ecommerce store, so I don't need all the extra guarantees. Any suggestions?
Comments
Free. No guarantees at all ;-)
http://assl.loovit.net/
Otherwise you can go with gogetssl. GGSSL from 55$/yrs
https://www.gogetssl.com/ggssl/wildcard-ssl/
+1 for both
How about adding something like this to your port 80 virtual host config to make Let's Encrypt work:
https://pastebin.com/mkzD0WyS
I had to use pastebin since CloudFlare seems to think that I'm trying to do some sort of SQL injection.
I'll check them both out. Thanks for the suggestion. Lowest I saw was over $100 at cheapssl, which means it ain't that cheap.
Thank you for the suggestion. It would be great if this problem was solved. But, I didn't do the changeover myself, a contractor did. He describes the error like this:
The problem is letsencrypt creates links based on port 80, but the links don't get fetched properly through varnish resulting in an error.
Have you tried an online Let's Encrypt generator? All you need to do is verify the domain and you can download the certificate.
Another option is to use the Cloudflare certificate.
Both options are free.
https://en.sklep.certum.pl/data-safety/ssl-certificates/commercial-ssl.html
Since there are many sites offering this service, which one have you tried?
And how to renew the cert?
sslforfree.com renewal notification mail is sent to account's email.
Are all certificates automatically wildcards? In other words, if i just list my domain www.domainname.com, will it work with mail.domainname.com? I see the box to add additional domains is huge. Alternatively, do you list *.domainname.com to get one that covers all potential subdomains?
Yes. You must list *.domainname.com to order all subdomains.
Fire your contractor. Someone who knows what he's doing will be able to figure out how to resolve the letsencrypt issue.
Hint: Run apache on ports 80, 8080 and 443. Port 80 checks for /.well-known/acme-challenge and serves accordingly, otherwise redirect to port 443. Port 443 proxies to varnish running on a different port (e.g. 8000). Run your application on port 8080, and have varnish proxy back to apache on that port.
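The layout described in the hint above, written out as an Apache 2.4 configuration. This is an added example, not part of the original post and not the contents of the pastebin link. The host name `example.com`, the webroot `/var/www/acme`, the document root, the certificate paths and the loopback-only binding of port 8080 are assumptions; it needs mod_rewrite, mod_ssl, mod_proxy, mod_proxy_http and mod_headers, with Varnish listening on 127.0.0.1:8000 and using 127.0.0.1:8080 as its backend.

```apache
# Assumed names: example.com, /var/www/example, /var/www/acme, certificate paths.
Listen 80
Listen 443
Listen 127.0.0.1:8080

# Port 80: answer ACME HTTP-01 challenges directly, redirect everything else.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com

    # The ACME client writes its challenge files under this webroot.
    Alias /.well-known/acme-challenge/ /var/www/acme/.well-known/acme-challenge/
    <Directory /var/www/acme/.well-known/acme-challenge>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    RewriteEngine On
    # Challenge requests never reach the redirect, Varnish or the application.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

# Port 443: terminate TLS, then hand the request to Varnish on port 8000.
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com

    SSLEngine On
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    ProxyPreserveHost On
    # Lets the application see that the client connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>

# Port 8080: the application itself, bound to loopback so only Varnish reaches it.
<VirtualHost 127.0.0.1:8080>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example
</VirtualHost>
```

Point the ACME client's webroot at `/var/www/acme` so renewals keep validating over port 80 without passing through Varnish.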
GoGetSSL always worked great for me, they give longer renewals each time too.
You should choose ssl2buy.com, wildcard certificate available at $38 per year - https://www.ssl2buy.com/wildcard-ssl-certificate
Good experience and very convenient for me. Highly appreciate!!
Very interesting. I can pass this along to him (I believe in giving people second chances, he has worked hard, generally seems to know what he is doing and isn't charging me an arm and a leg) He is constrained by one more thing that I didn't post previously. I am command line impaired - I can get around with simple tasks, but prefer to use a GUI. My GUI of choice is Virtualmin. My project specified that Varnish had to work properly with https using some proxy to forward traffic to port 443, and it had to work with Virtualmin. He chose Apache as the proxy, and it does work in Virtualmin, but not LetsEncrypt.
BTW, this is a step up from the first contractor in my opinion who appeared to design some Rube Goldberg system where my site was http, but appeared to be https.
Depending on what you use for DNS, validating the domain for Let's Encrypt via DNS might also be an option. https://serverfault.com/questions/750902/how-to-use-lets-encrypt-dns-challenge-validation has some pointers. If anything at https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks (including godaddy/namecheap/namesilo) matches your DNS hosting, then it should be pretty straightforward to setup (you would be using dehydrated as the Let's Encrypt client instead of certbot), otherwise it's probably not worth it since you'd have to write your own hook.
We provide free wildcard SSL's with all our vps plans.
why are you spamming your free wildcard ssl which is same as http://assl.loovit.com/ without paying a penny. People only need SSL not combo vps + ssl.
Well, when I am googling free ssl. The easiest of the list is sslforfree.com. I use this site for generating an SSL certificate whenever for some reason I can't get the Let's Encrypt module to work. Apart from verifying your domain, either by DNS record or uploading a file or filling in the FTP details, the certificate is generated easily.
Let's Encrypt doesn't support wildcard certificates. If you want to use a wildcard certificate I think you need to pay.
I too just tried Virtualmin a few days ago. And I too can't get Let's Encrypt to work. Forget Let's Encrypt, I even uploaded my SSL certificate manually, yet my server refuses to serve anything over SSL. And then I think, screw Virtualmin. I will just use Kloxo-MR. It has fancy icons like cPanel, and moreover Let's Encrypt works.
Disclaimer : your mileage may vary
Why is this site spamming all SSL threads?