Hello all, this is Yellow. Today we are going to look at a case where we have a good domain with a history. We will pour traffic onto subdomains, and so as not to add a new subdomain to the DNS records each time or bother with HTTPS certificates for each subdomain, we will create a so-called wildcard certificate for HTTPS, which allows us to use absolutely ANY subdomains!
What do you mean "absolutely any"? Literally any. Take our "trust" domain example.com and make up your own subdomains: lalala.example.com, holyshit.example.com, wow.example.com, and so on. All subdomains will automatically display our bundle deployed on the main example.com domain.
For this to work, we need two things: a wildcard DNS record and a wildcard certificate. WARNING: Not all domain registrars support adding wildcard DNS records! Say, NameCheap and Beget support them, but Freenom does not. So if you have registered a domain there, transfer it to other DNS servers, let's say Beget's servers ☝ To do this, assign new DNS servers to the domain: ns1.beget.com and ns2.beget.com.
Create a wildcard DNS record
Beget
It's simple: go to "Managing DNS records" and add an entry like this:
- Name: *
- Type: A
- Address: the IP address of your server
NameCheap
Go to the domain, then to "Advanced DNS" and let's go:
- Type: A Record
- Host: *
- Value: Your server IP
We're done with wildcard entries. Let's go add a certificate!
Create a Wildcard certificate for HTTPS
I'll show you two options here:
Creating a wildcard certificate in Beget
Let's go to "Managing Domains and Subdomains" and issue a wildcard certificate there. WARNING: Don't forget to direct all traffic from the subdomains to the main domain!
Creating a wildcard certificate on your own VPS/VDS
I'm assuming that you already have Apache or Nginx installed on your virtual server, a configuration file for your domain created, and a bundle deployed in your domain folder. You must also have the certbot utility installed to issue certificates. All you have to do is run the following command:
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.example.org' -d example.org --manual --preferred-challenges dns-01 certonly --agree-tos
Replace example.org with your domain and run the command, and Certbot itself will add to the web server configuration for the domain (in my case it is nginx) the necessary entries to pick up the certificates:
Conclusion
After all the above manipulations you will have an unlimited number of subdomains. By the way, if you use my free clo, then you will be able to put a separate one for each subdomain. White for testing! And that's it, pour in the plus and do not forget to throw a donation to the author for a cup of puerh!
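As an added example (not part of the original post), here is a check of which hostnames the two names passed to certbot above, *.example.org and example.org, actually cover: a certificate wildcard stands for exactly one label, so "any subdomain" means any name one level below the domain. The host list is constructed for illustration.

```python
# Added example: which hostnames a certificate's DNS names cover.
# Matching follows the common RFC 6125 rules: "*" is accepted only as the
# entire left-most label and stands for exactly one label.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate DNS name (pattern) covers host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False          # "*" never spans more or fewer labels
    if p[0] == "*":
        # require at least two labels after the "*" (rejects "*.org")
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered(san_list, host):
    """Return the first certificate name that covers host, or None."""
    for pattern in san_list:
        if name_matches(pattern, host):
            return pattern
    return None


def audit(san_list, hosts):
    """Map each host to the name covering it (None = certificate error)."""
    return {host: covered(san_list, host) for host in hosts}


# Constructed sample data: the two -d names from the certbot command and
# hostnames made up for this illustration.
SANS = ["*.example.org", "example.org"]
HOSTS = [
    "example.org",             # apex: only covered by its own -d entry
    "lalala.example.org",      # one label: covered by the wildcard
    "WOW.example.org.",        # case and trailing dot are ignored
    "a.b.example.org",         # two labels: NOT covered
    "example.org.other.test",  # different domain: NOT covered
]

if __name__ == "__main__":
    for host, san in audit(SANS, HOSTS).items():
        print(f"{host:24} {'covered by ' + san if san else 'NOT covered'}")
```

A wildcard DNS record will still resolve a name like a.b.example.org, so such a host reaches the server but fails certificate validation in the browser.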
That's a good one.
Question. Can the certificate be issued directly in the Let's Encrypt interface?
I'm doing it through zerossl now, I'm sick of updating the whole thing every six months.
In the interface - I don't know, maybe in the hosting like Beget in the built-in. And on the servers, you can use certbot and cron.
Hi, thanks for posting. How do I direct traffic from the subdomain to the main domain?
Depends on hosting