How to create SSL Cert for all subdomains?

Discussion in 'Installation/Configuration' started by nushara, Feb 21, 2021.

  1. nushara

    nushara New Member

    Hey there,

    I am using a domain to redirect my users to their profile. Like a URL Shortener, kinda.
    But after adding the domain to ISPConfig, it only secures the main domain name xxx.com with the certificate.

    Is there any way I can easily create a certificate for all subdomains, since I am using a redirect and don't have fixed subdomain names?
    For example a user called Testuser would have testuser.xxx.com which redirects to yyy.com/testuser

    I have set the following on my Apache Settings:
    Code:
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://yyy.com/$1 [R,L]
    RewriteCond %{HTTP_HOST} ^([^\.]+)\.xxx\.com$
    RewriteRule ^/(.*)$ https://yyy.com/%1/$1 [R=301,L]
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    ISPConfig adds subdomains to certificate unless you turn that feature off. Did you create the subdomain as "Subdomain for website" in the ISPConfig panel?
     
  3. nushara

    nushara New Member

    The issue is, since they are usernames, they are not fixed. Or should I add a subdomain called *?

    Website Settings:
    Auto Subdomain: *.
    SSL: ON
    Let's Encrypt SSL: ON

    Settings - Web - SSL:
    Skip Lets Encrypt Check: OFF
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    No, this won't help. You'll need a wildcard SSL cert in this case, but this can't be created through ISPConfig. You'll either have to buy one or create it manually using acme.sh with DNS auth.
     
  5. nushara

    nushara New Member

    Ok, another question. Is it really necessary to have an SSL certificate on this domain if it only works like a redirect to another website?

    Since the only thing this domain is doing is to redirect from testuser.xxx.com to yyy.com/testuser

    Is there any way to do this without needing to have any certificate and avoiding the "secure connection failure warning" you normally get?
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    If you disable SSL and users visit the page over HTTPS, they will see a different site (the first in the list with HTTPS enabled). So that is not a good idea. (and will still show a secure connection warning).

    What you could do is disable the (if even enabled) redirect to HTTPS, but some browsers automatically redirect users to HTTPS, so that could still cause issues.
     
  7. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I was thinking that maybe you can use self-signed SSL certs for your wildcard subdomain redirect if you do not want to create LE wildcard subdomain SSL certs for it, but I am not sure this will even work because I never tested it.
     
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You can create a self-signed wildcard certificate (well, signed by yourself, not signed by the CN), but you still get a certificate error because it's not signed by a known CA.
     
  9. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    You mean it will show error first and will not automatically redirect sooner?

    I was thinking that could be possible as the right vhost for the wildcard subdomain can be read but will redirect to the other domain directory as soon as the settings in the vhost are read without opening any page in the wildcard subdomain.

    The behaviour you described is like reading that page first, which I think may not be so in @nushara's case if the redirect is set at vhost level, not index page level.

    Again, I never tested this and just putting my mind out in writing, so I am sorry in advance, if this misleads in any way.
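
An added example, not from the thread or from ISPConfig: a simplified Python model of the order of events discussed in the last posts, using the rewrite rules from the first post. It assumes the rules run in vhost context; the function names (`name_matches`, `rewrite`, `visit`) and the `trusted_ca` flag are made up for illustration.

```python
import re

# Host condition from the first post's second rule set.
HOST_RE = re.compile(r"^([^\.]+)\.xxx\.com$")

def name_matches(host, san):
    """Leftmost-label wildcard match, as browsers apply it to a SAN entry."""
    host, san = host.lower(), san.lower()
    if not san.startswith("*."):
        return host == san
    # "*" stands for exactly one label: not the apex, not a.b.xxx.com
    label, _, rest = host.partition(".")
    return bool(label) and rest == san[2:]

def rewrite(https, host, path):
    """Return (status, Location) for the posted rules, or None if none fires."""
    if not https:                                    # RewriteCond %{HTTPS} !=on
        m = re.match(r"^/?(.*)", path)
        return 302, "https://yyy.com/" + m.group(1)  # [R,L]: R defaults to 302
    h = HOST_RE.match(host)                          # RewriteCond %{HTTP_HOST}
    p = re.match(r"^/(.*)$", path)
    if h and p:
        return 301, f"https://yyy.com/{h.group(1)}/{p.group(1)}"
    return None

def visit(url, sans, trusted_ca):
    """Model of a browser visit: the certificate is checked during the TLS
    handshake, before any HTTP request (and so any redirect) is exchanged."""
    scheme, rest = url.split("://", 1)
    host, _, path = rest.partition("/")
    if scheme == "https":
        if not trusted_ca or not any(name_matches(host, s) for s in sans):
            return "certificate warning"  # Apache's redirect is never seen
    return rewrite(scheme == "https", host, "/" + path)

if __name__ == "__main__":
    # Constructed cases: (label, SAN list on the certificate, issued by a trusted CA?)
    cases = [
        ("cert for xxx.com only", ["xxx.com"], True),
        ("self-signed wildcard", ["xxx.com", "*.xxx.com"], False),
        ("CA-issued wildcard", ["xxx.com", "*.xxx.com"], True),
    ]
    for label, sans, trusted in cases:
        print(label, "->", visit("https://testuser.xxx.com/page", sans, trusted))
    print("plain http ->", visit("http://testuser.xxx.com/page", [], False))
```

The model leaves out ports in `HTTP_HOST`, HSTS and browser HTTPS upgrades.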
     