A client of ours have their website hosted by another company.
We're doing their DNS-hosting for a certain domain.
That other company asked us to create a cname for the www.clientdomain.com and a cname for clientdomain.com.
Those should refer to a herokudns.com address
Creating that record on the bare name is not possible using bind9 and also Plesk prevents this because it's not RFC-compliant.
When they asked me to do this I never heard of "cname flattening" as they called it and I decided to read up on it.
AFAIK it's not possible to do this with bind.
I proposed a workaround.
I would host clientdomain.com and they would host www.clientdomain.com
On http://clientdomain.com I'm only forwarding to http://www.clientdomain.com/
All is well thus far.
This is more the introduction how I got into this situation:
Because nowadays one should use https instead of http I asked them to make their site https. So https://www.clientdomain.com (note the www).
Yesterday in the afternoon I enabled a LetsEncrypt certificate on our Plesk.
I deliberately didn't select the www prefix.
That worked fine.
So https://clientdomain.com is working and refering to http://www.clientdomain.com
But now it seems they can't select a LetsEncrypt certificate anymore on their server.
I was now thinking of this workaround:
In /etc/nginx/plesk.conf.d/vhosts/clientdomain.com I can find the exact certificate info for the domain clientdomain.com (and www.clientdomain.com if I do that process again).
I could give them the certificate including private key and they could install it on their server.
No smart scripts, just a certificate install.
I'm convinced it will then work for a while.
I just wonder what will happen if the certificate is renewed in 3 months
Is that a reissue of the certificate or will the date be shifted?
Another question....
Are the problems they are now having with their server/certificate related to the issued LetsEncrypt certificate on our Plesk?
We're doing their DNS-hosting for a certain domain.
That other company asked us to create a cname for the www.clientdomain.com and a cname for clientdomain.com.
Those should refer to a herokudns.com address
Creating that record on the bare name is not possible using bind9 and also Plesk prevents this because it's not RFC-compliant.
When they asked me to do this I never heard of "cname flattening" as they called it and I decided to read up on it.
AFAIK it's not possible to do this with bind.
I proposed a workaround.
I would host clientdomain.com and they would host www.clientdomain.com
On http://clientdomain.com I'm only forwarding to http://www.clientdomain.com/
All is well thus far.
This is more the introduction how I got into this situation:
Because nowadays one should use https instead of http I asked them to make their site https. So https://www.clientdomain.com (note the www).
Yesterday in the afternoon I enabled a LetsEncrypt certificate on our Plesk.
I deliberately didn't select the www prefix.
That worked fine.
So https://clientdomain.com is working and refering to http://www.clientdomain.com
But now it seems they can't select a LetsEncrypt certificate anymore on their server.
I was now thinking of this workaround:
In /etc/nginx/plesk.conf.d/vhosts/clientdomain.com I can find the exact certificate info for the domain clientdomain.com (and www.clientdomain.com if I do that process again).
I could give them the certificate including private key and they could install it on their server.
No smart scripts, just a certificate install.
I'm convinced it will then work for a while.
I just wonder what will happen if the certificate is renewed in 3 months
Is that a reissue of the certificate or will the date be shifted?
Another question....
Are the problems they are now having with their server/certificate related to the issued LetsEncrypt certificate on our Plesk?