Let's Encrypt or SSL on rewritten domain




















I'm using CentOS 7 with Plesk (1and1 dedicated server) and Apache, and we want to secure all our websites with Let's Encrypt where possible, though we have a problem with 2 domains that have been rewritten with Apache rules.



Here is the code we use to rewrite the domain:



ServerAlias www.traffweb.portsmouth.gov.uk traffweb.portsmouth.gov.uk
RewriteEngine on
# Requests for (www.)portsmouthtraffweb.uk are sent to the client's hostname
RewriteCond %{HTTP_HOST} ^(w{3}\.)?portsmouthtraffweb\.uk [NC]
RewriteRule (.*) http://www.traffweb.portsmouth.gov.uk/$1 [R=301,L]
# Any remaining host without a leading "www." gets one added
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]


and then



/usr/local/psa/admin/sbin/httpdmng --reconfigure-domain portsmouthtraffweb.uk


Not really sure if the last command is necessary; I think that last time I just inserted the Apache rules and that was it.



On our server we have (and we own) portsmouthtraffweb.uk, while traffweb.portsmouth.gov.uk is owned by the client. This subdomain doesn't exist anywhere; it has been redirected in the DNS with an A record to point to our server IP.



Basically, portsmouthtraffweb.uk exists on the server, and if traffic requests for traffweb.portsmouth.gov.uk come in, they are redirected to use the directory of portsmouthtraffweb.uk.



I tried to use Let's Encrypt in Plesk, but when I applied the certificate the rewrite rule was ignored and the URL displayed is the one on the server, not the one we want to display.



How can I secure those domains? Apart from me, as I use both domains to see the website, everyone else will use just the correct URL traffweb.portsmouth.gov.uk, as it will be publicised with this DOMAIN NAME.



I don't mind doing some coding on the server, as we own the servers, so I can connect as root, and as you can see this command was run on the server and not through Plesk; sometimes I just prefer to do things in Plesk because it requires less time.










      centos7 plesk lets-encrypt
















      asked Nov 23 '18 at 8:26









      Sebastiano
























          1 Answer














          Hey @Sebastiano :wave:



          You actually cannot get a cert for a domain you don't control legitimately. I think this might be the problem.



          Are you sure they are using an A record (points to IP address) and not an AAAA record or, most likely, a CNAME record or other redirect mechanism?



          It would be the .gov.uk administrator's job to get a cert for their side if they control the domain. You can use services like https://www.whatsmydns.net/ (google for "check DNS propagation" if that link is dead) to verify that it indeed points to your domain, or server IPs.



          If it's a CNAME, then from your side it should just be portsmouthtraffweb.uk, so you'd need to ensure that firstly resolves directly to the server you want an SSL for. You'd then also need a separate vhost with the same webroot. https://certbot.eff.org/all-instructions provides an exhaustive list. I use the webroot option for smaller sites, but I've been assured you can even use DNS to secure SSL certificates (so long as you control the DNS).



          Here is one for my local Linux club, which was running Apache 2.2 (since upgraded to Nginx): https://gist.github.com/Lewiscowles1986/dda7382e21a7ec66089730f7945842f0



          Certificates should be stored outside of the webroot. Let's Encrypt ones live under /etc/letsencrypt. You may also want to generate a dhparams.pem:



          openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096


          Once that server resolves and knows portsmouthtraffweb.uk resolves to your servers, you can request a Let's Encrypt cert for that domain only. Similarly, if the .gov.uk one resolves to your servers, you can request a certificate for that domain only.



          I use the certbot utility, but you may find commercial providers are better suited to secure a government website.



          It's Lewis, btw
































          • Hi Lewis, yes, portsmouthtraffweb.uk resolves to my server IP. I was using it until I implemented the Apache rules. The .gov.uk should have just an A record, as I told them to create it and insert our server IP address. What I don't understand is how I can apply SSL to a domain that doesn't exist physically, because the .gov.uk exists just in the DNS and it uses the path of portsmouthtraffweb.uk when it enters my server, but they haven't created it as a subdomain on their server.

            – Sebastiano
            Nov 26 '18 at 8:15












          edited Nov 26 '18 at 5:26

























          answered Nov 25 '18 at 22:09









          MrMesees

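The answer's "separate vhost with the same webroot" and webroot validation, written out as an added example (not code from the question, the answer or Plesk's generated configuration): the question's redirect rules adjusted so they still apply once HTTPS is enabled. The hostnames are the ones in the question; the document root, the certificate directory name EXAMPLE and the certbot invocation in the comment are assumptions.

```apache
# Added example. Hostnames come from the question; every path is a placeholder.
#
# Certificate request with the webroot method mentioned in the answer (assumed
# invocation; each -d name must already resolve to this server):
#   certbot certonly --webroot -w /var/www/vhosts/EXAMPLE/httpdocs \
#     -d www.traffweb.portsmouth.gov.uk -d traffweb.portsmouth.gov.uk \
#     -d portsmouthtraffweb.uk -d www.portsmouthtraffweb.uk

# Port 80: serve ACME HTTP-01 challenge files, send everything else to HTTPS.
<VirtualHost *:80>
    ServerName  portsmouthtraffweb.uk
    ServerAlias www.portsmouthtraffweb.uk traffweb.portsmouth.gov.uk www.traffweb.portsmouth.gov.uk
    # Assumed document root, shared by all four names.
    DocumentRoot /var/www/vhosts/EXAMPLE/httpdocs

    RewriteEngine On
    # Leave the challenge path alone so the CA can fetch the token
    # under each hostname being validated.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://www.traffweb.portsmouth.gov.uk%{REQUEST_URI} [R=301,L]
</VirtualHost>

# Port 443: rewrite rules are per virtual host, so the host redirect has to be
# repeated here, and with an https:// target rather than http://.
<VirtualHost *:443>
    ServerName  www.traffweb.portsmouth.gov.uk
    ServerAlias traffweb.portsmouth.gov.uk portsmouthtraffweb.uk www.portsmouthtraffweb.uk
    DocumentRoot /var/www/vhosts/EXAMPLE/httpdocs

    SSLEngine on
    # One certificate listing all four names. The TLS handshake happens before
    # any redirect is sent, so a name missing from the certificate produces a
    # browser warning instead of a redirect.
    # cert.pem + chain.pem is used because CentOS 7 ships Apache 2.4.6, which
    # does not read intermediates from SSLCertificateFile (2.4.8+ can take
    # fullchain.pem there instead).
    SSLCertificateFile      /etc/letsencrypt/live/EXAMPLE/cert.pem
    SSLCertificateChainFile /etc/letsencrypt/live/EXAMPLE/chain.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/EXAMPLE/privkey.pem

    RewriteEngine On
    # Any host other than the canonical one is redirected, staying on https.
    RewriteCond %{HTTP_HOST} !^www\.traffweb\.portsmouth\.gov\.uk$ [NC]
    RewriteRule ^ https://www.traffweb.portsmouth.gov.uk%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

On a Plesk-managed server the bodies of these two blocks would go in the domain's separate additional-directive fields for HTTP and HTTPS rather than in hand-written vhost files.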












