Koozali.org: home of the SME Server

lets encrypt and purchased certificate

Offline jameswilson

lets encrypt and purchased certificate
« on: August 02, 2020, 01:06:58 PM »
Hi, I'm hoping to add an EV SSL cert to my SME server that is running my ecomm website. I was using a 3rd party but found too many issues so brought it back in house.
As part of the move I use Let's Encrypt as a temp measure but want to add an EV SSL to it.
I have 3 subdomains on this. My question I suppose is, do I buy a wildcard cert (will that help with ranking etc.) and move to just that, or 2 EV SSL certs for the 2 main domains (old ecomm site and new, old one will be redirected when new site is complete) and use Let's Encrypt for the remaining?

Thanks again
James

Offline ReetP

Re: lets encrypt and purchased certificate
« Reply #1 on: August 03, 2020, 12:10:05 PM »
I *think* (and Jean Philippe can correct me) that you will need a cert for all domains.

As it stands currently on SME, Apache is not configured to use different certs for different domains. Let's Encrypt uses one cert for all domains.

You'd have to hack httpd.conf templates to get a config like this:

https://www.digicert.com/kb/ssl-support/apache-multiple-ssl-certificates-using-sni.htm

This is something we are looking at implementing in v10.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline jameswilson

Re: lets encrypt and purchased certificate
« Reply #2 on: August 03, 2020, 09:37:36 PM »
> I *think* (and Jean Philippe can correct me) that you will need a cert for all domains.
>
> As it stands currently on SME, Apache is not configured to use different certs for different domains. Let's Encrypt uses one cert for all domains.
>
> You'd have to hack httpd.conf templates to get a config like this:
>
> https://www.digicert.com/kb/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
>
> This is something we are looking at implementing in v10.

Ah, so I either need the Let's Encrypt on all or a wildcard cert to use for all (in this case).

Does anyone know if it affects ranking, i.e. Let's Encrypt vs an EV SSL? I accept I'd rather use an EV cert but don't want to break the other subdomains.

Offline Jean-Philippe Pialasse

Re: lets encrypt and purchased certificate
« Reply #3 on: August 05, 2020, 04:53:15 PM »
SNI (ability to have an SSL cert per virtualhost/domain) is possible on SME9 but there is no easy way to use it. You will need to do your own custom template. But beware, this will work only for httpd, not for email services. They will still use the main cert only.

This way you can define a paid cert for a particular virtualhost and it should override the main cert with most recent web browsers.

Otherwise you will need ONE certificate including all available domains and subdomains on your server.

Currently working on SME10 to have it on stock SME.
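The per-virtualhost override described in the replies above, sketched as a plain Apache configuration. This is an added example, not part of the thread and not SME Server's own template output; the hostnames and certificate paths are placeholders.

```apache
# Constructed example: hostnames and file paths are placeholders.
# Apache 2.2 needs NameVirtualHost for name-based vhosts on port 443;
# Apache 2.4 no longer needs it.
NameVirtualHost *:443

# The first vhost on the address is the default. It answers clients that
# send no SNI name, or a name no vhost matches, so it carries the
# server-wide certificate covering the remaining hostnames.
<VirtualHost *:443>
    ServerName  server.example.com
    ServerAlias files.example.com webmail.example.com
    SSLEngine on
    SSLCertificateFile      /path/to/main-cert.crt
    SSLCertificateKeyFile   /path/to/main-cert.key
    SSLCertificateChainFile /path/to/main-chain.crt
</VirtualHost>

# The shop vhost presents the purchased certificate. A browser that sends
# SNI for shop.example.com gets this one instead of the default above.
<VirtualHost *:443>
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile      /path/to/shop-purchased.crt
    SSLCertificateKeyFile   /path/to/shop-purchased.key
    SSLCertificateChainFile /path/to/shop-purchased-chain.crt
</VirtualHost>
```

Which certificate a given name receives can be checked with `openssl s_client -connect server.example.com:443 -servername shop.example.com`. Mail services do not read this configuration and keep presenting the main certificate.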