NetBSD-Users archive


Re: Multiple domains and https using bozohttpd



Mayuresh <mayuresh%acm.org@localhost> writes:

> I have a VPS serving http on 2 domains using bozohttpd and virtual domains.
>
> Although I am not very enthused about this, particularly these being very
> basic static websites, may just have to follow the trend and adopt https
> on these websites.
>
> I have a separate letsencrypt certificate for each domain. But I think I
> can use only 1 certificate with a web server, on one port. Running on a
> non standard port is not a great option for a website.
>
> I am not sure if I can have a common letsencrypt certificate for multiple
> domains.

You can.  Letsencrypt supports Subject Alternative Name and you can
request such a cert if you use the DNS method of validation.  To use the
DNS method you must be able to control the DNS entries for the domain.
See pkgsrc security/py-certbot-dns-rfc2136 or one of the other
py-certbot-dns- packages for hints.


% openssl x509 -in /usr/pkg/etc/httpd/server.crt -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:8f:d6:ca:79:f4:a0:d2:5a:60:a3:0c:88:66:56:8e:17:5d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = R13
        Validity
            Not Before: Oct  2 08:03:48 2025 GMT
            Not After : Dec 31 08:03:47 2025 GMT
        Subject: CN = anduin.eldar.org
.
.
.
            X509v3 Subject Alternative Name: 
                DNS:anduin.eldar.org, DNS:eldar.org, DNS:www.eldar.org
.
.

> So, what are some good ways to deal with this?





-- 
Brad Spencer - brad%anduin.eldar.org@localhost
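
Added example, not part of the original message or of bozohttpd: a small Python check that reads `openssl x509 -text` output like the excerpt above and reports which virtual host names the certificate's Subject Alternative Name entries do not cover. The sample text is constructed from the SAN lines quoted in the message; the function names and the host `www.example.org` are assumptions made for illustration.

```python
import sys

# Constructed sample: the Subject/SAN lines from the openssl output quoted above.
SAMPLE_TEXT = """\
        Subject: CN = anduin.eldar.org
            X509v3 Subject Alternative Name: 
                DNS:anduin.eldar.org, DNS:eldar.org, DNS:www.eldar.org
"""


def san_dns_names(openssl_text):
    """Return the DNS entries of the Subject Alternative Name extension."""
    lines = openssl_text.splitlines()
    for i, line in enumerate(lines):
        # The SAN values are printed on the line after the extension header.
        if "X509v3 Subject Alternative Name" in line and i + 1 < len(lines):
            entries = [e.strip() for e in lines[i + 1].split(",")]
            return [e[4:].lower() for e in entries if e.startswith("DNS:")]
    return []


def name_matches(pattern, host):
    """Match one SAN entry against a host name. A leading '*.' covers exactly
    one left-most label (RFC 6125), so *.example.org does not match example.org."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]


def uncovered_hosts(openssl_text, vhosts):
    """Return the virtual hosts that no SAN entry covers."""
    sans = san_dns_names(openssl_text)
    return [h for h in vhosts if not any(name_matches(s, h) for s in sans)]


if __name__ == "__main__":
    # Usage: openssl x509 -in server.crt -noout -text | python3 check_san.py host1 host2
    # With no arguments, run against the constructed sample instead of stdin.
    hosts = sys.argv[1:]
    text = sys.stdin.read() if hosts else SAMPLE_TEXT
    # www.example.org is a hypothetical vhost that the sample cert does not list.
    missing = uncovered_hosts(text, hosts or ["eldar.org", "www.eldar.org", "www.example.org"])
    print("not covered:", ", ".join(missing) or "none")
    sys.exit(1 if missing else 0)
```

A non-zero exit status means at least one virtual host would produce a name-mismatch error in clients if served with that certificate.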

