Let's say I edit my hosts file on my computer to make google.com point to my VPS server IP, and the server has virtual host/server block for google.com configured trough Apache or Nginx.
So when I visit google.com it'll load whatever is configured on the server through HTTP, how can I make it HTTPS? can I do it with Let's Encrypt? I have tried to edit the hosts file on the VPS itself and then run cert-bot, but that didn't work.
in simple words: I don't own the domain, but would like to own it on my machine only trough https.
I don't own the domain, but would like to own it on my machine only trough https.
You can't do it with a publicly trusted certificate. You can create your own PKI with your own trusted root CA which you import as trusted in your own browser. Then you can create the server certificates you want with this CA and since your browser trusts this CA it will also accept your own certificates.
There are many resources online which describe how to create your own CA, like here or here or here.
Related
I have a website for my podcast built with Python / Django that is hosted on Heroku: https://dinpodcast.herokuapp.com/
I have a custom domain parked on GoDaddy, dinpodcast.com, that has a www CNAME directing to my heroku application. This works just fine: https://www.dinpoddcast.com
I wanted dinpodcast.com to redirect to the www website, so I have the following domain forwarding set up on Godaddy:
This also works great, for the most part. Now, when I enter http://dinpodcast.com, or just dinpodcast.com, both will redirect to https://www.dinpodcast.com.
Here's the problem. When I enter the naked domain WITH HTTPS, so when I enter https://dinpodcast.com into a browser's address bar, I get the following response:
Here's what I THINK is happening. My SSL certificate is provided by Heroku under their Automated Certificate Management program. So, I assume that since I don't have an SSL certificate with GoDaddy, it's timing out trying to find one before it can redirect to my www subdomain. Would this be correct? If so, is there any way around this WITHOUT buying an SSL certificate with GoDaddy? If that's not what's happening, then what is and how do I fix it?
When you create an ssl certificate in your domain do you include your root domain? Tried using this tool in your root domain and it seems that there is no ssl certificate. However the subdomain https://dinpodcast.herokuapp.com/ has one. I suggest putting an ssl certificate in all subdomain and root domain that you are using.
I also checked the root domain’s IP address using this tool and checked port 443 using another tool and apparently the port is closed. Double check your firewall and make sure 443 is open.
I know importing the certificate into browser trust store can dismiss the warning, but is it the only workaround? Is it possible using a domain (with a valid SSL) to reverse proxy the localhost web server: redirecting user's request to the localhost?
If you have an external domain and a valid certificate for it (i.e. both certificate and key) you could configure your localhost server to serve this domain and use this certificate. To make sure that any local requests to this domain actually reach your local server instead of the external IP you need the appropriate name resolution though. This can be done for example by modifying the hosts file (i.e. /etc/hosts on UNIX, c:\Windows\System32\Drivers\etc\hosts on Windows).
In other words:
Configure the local web server to expect requests for example.com instead of localhost, i.e. set certificate and key you have for example.com and configure the expected name to example.com.
Modify the local hosts file to resolve example.com with 127.0.0.1.
Access the local web server with the local browser by using the URL https://example.com. Due to the changed local hosts file it will use 127.0.0.1 as the IP address for example.com and thus access the local web server. This will provide the publicly trusted certificate for example.com so that the browser will not complain (issuer CA is trusted and subject of certificate matches the URL).
Remember to change your local hosts file back if you want to access the real (external) example.com.
I have a domain (e.g.) example.com
I am using a virtual machine in a cloud having public IP. on this VM i am also using VirtualMin for shared hosting. so i have multple URLS to access different services such as email,wordpress, virtualmin console, and website address. now i need to use SSL on all these addresses however all these address does not change the sub domain. so do i need to buy wildcard (which is very expensive) or i can use simple SSL.
here are the site links that i need to encrypt.
Website https://example.com (hosted via virtualmin)
Email https://example.com/mail (hosted via virtualmin)
Wordpress https://example.com/wp-admin (hosted via virtualmin)
virtualmin https://example.com:10000 (virtualmin console)
virtualmin email https://example.com:20000 (virtualmin email console)
as you can see all these URLS has no change in sub domains rather port and landing directories are change. so do i need Normal SSL for all these links or i need wildcard ?
Thanks.
A Normal SSL will be fine for your needs, I would suggest creating a self signed certificate to test out your setup. Another tip is to look into the Let's Encrypt option as that will allow you to set up a Let's Encrypt certificate.
Virtualmin > Server Configuration > Manage SSL Certificate > Let's Encrypt
And then you will need to follow this guide:
https://www.virtualmin.com/documentation/tutorial/how-to-add-an-ssl-certificate
Once you have the SSL installed you then need to apply it to all the parts of the server via
Virtualmin > Server Configuration > Manage SSL Certificate > Current Certificate > Copy to Webmin / Copy to Usermin / Copy to Dovecot / Copy to Postfix
I have domain www.xyz.com with dedicated IP,SSL for www.xyz.com is already installed and working fine.
now through plesk panel i am able to create 10 sub domains.
I have created one sub domain named subdomain.xyz.com which is pointing to totaly different server.
I want to add SSL certificate for subdomain.xyz.com.
where i have to add SSL certificate, on the the server that sub domain is pointing or i can add SSL for subdomain.xyz.com from xyz.com plesk panel.
the subdomain is pointing to solaris server
You will need to install the SSL certificate on the actual server that is responding to your HTTPS requests (meaning, the one the subdomain points to). However, keep in mind that if you have a regular SSL certificate, then the certificate would have to be issued to the specific subdomain. For example, a regular SSL certificate for example.com does not validate against sub.example.com.
As an alternative, you can purchase a wildcard SSL certificate for your domain that will cover the new subdomain and any others you add later. More info on that here: https://www.digicert.com/wildcard-ssl-certificates.htm
I have a server which is hosting a domain named abc.com . I have an SSL certificate installed for this domain on server and abc.com require SSL. Now I have a sub domain say sub.abc.com which is secured by another SSL certificate.
Now this is what I did to bind. Clicked the main site abc.com in IIS and opened bindings. Now in bindings, I added https and for IP Address I gave All Unassigned. For SSL certificate I selected the SSL cert for abc.com.
Again for the sub domain binding I followed same steps but under IP Address I gave the IP (19.xxx.xx.xx) of my server. Under certificate I picked the certificate for sub.abc.com.
Now on a browser if I open sub.abc.com its working fine. But if I load abc.com then the site is loading with warning and its displaying the certificate of sub.abc.com instead of abc.com . In bindings I can confirm that I have mapped to correct certificate.
Not sure whats going wrong here. Any help highly appreciated.
If you are running IIS 8 and above, you can use SNI,
http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability
You may also go for WildCard certificate i.e a certificate issues to *.abc.com for the root domain , this will not only simplify your deployment and will provide adequate security as well.