How to create SSL Cert for all subdomains?

Discussion in 'Installation/Configuration' started by nushara, Feb 21, 2021.

  1. nushara

    nushara New Member

    Hey there,

    I am using a domain to redirect my users to their profile. Like a URL Shortener, kinda.
    But after adding the domain to ISPConfig, it only secures the main domain name with the certificate.

    Is there any way I can easily create a certificate for all subdomains, since I am using a redirect and don't have fixed subdomain names.
    For example a user called Testuser would have which redirects to

    I have set the following on my Apache Settings:
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*)$1 [R,L]
    RewriteCond %{HTTP_HOST} ^([^\.]+)\.xxx\.com$
    RewriteRule ^/(.*)$$1 [R=301,L]
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    ISPConfig adds subdomains to certificate unless you turn that feature of. Did you create the subdomain as "Subdomain for website" in the ISPConfig panel?
  3. nushara

    nushara New Member

    The Issue is, since they are usernames, they are not fixed. Or should I add a subdomain called *?

    Website Settings:
    Auto Subdomain: *.
    SSL: ON
    Let's Encrypt SSL: ON

    Settings - Web - SSL:
    Skip Lets Encrypt Check: OFF
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    No, this won't help. You'll need a wildcard SSL cert in this case, but this can't be created trough ISPConfig. You'll either ahve to buy one or create it manually using with DNS auth.
  5. nushara

    nushara New Member

    Ok, another question. Is it really necessary to have an SSL certificate on this domain if it only works like a redirect to another website?

    Since the only thing this domain is doing is to redirect from to

    Is there any way to do this without needing to have any certificate and avoiding the "secure connection failure warning" you normally get?
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    If you disable SSL and users visit the page over HTTPS, they will see a different site (the first in the list with HTTPS enabled). So that is not a good idea. (and will still show a secure connection warning).

    What you could do is disable the (if even enabled) redirect to HTTPS, but some browsers automatically redirect users to HTTPS, so that could still cause issues.
  7. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I was thinking that may be you can use self-signed ssl certs for your wildcard subdomain redirect if you do not want to create LE wildcard subdomain ssl certs for it but I am not sure this will even work because I never tested it.
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You can create a self-signed wildcard certificate (well, signed by yourself, not signed by the CN), but you still get a certificate error because it's not signed by a known CA.
  9. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    You mean it will show error first and will not automatically redirect sooner?

    I was thinking that could be possible as the right vhost for the wildcard subdomain can be read but will redirect to the other domain directory as soon as the settings in the vhost is read without opening any page in the wildcard subdomain.

    The behaviour you said is like reading that page first which I think may be not in @nushara case if the redirect is set at vhost level not index page level.

    Again, I never tested this and just putting my mind out in writing, so I am sorry in advance, if this misleads in any way.

Share This Page