Question CNAME and SSL

Chepplesk

New Pleskian
Server operating system version
Debian 11
Plesk version and microupdate number
18.0.58
Hi, I need to point a domain of one of my clients (crm.tenant.ext) via CNAME to a site of mine hosted on Plesk (tenant.myserver.ext).

crm.tenant.ext CNAME tenant.myserver.ext

My client created the CNAME, and technically everything works except the Let's Encrypt SSL certificate. I get the error SSL_ERROR_BAD_CERT_DOMAIN because the certificate is valid only for tenant.myserver.ext and not for the source domain (crm.tenant.ext). My server has Plesk Obsidian updated to the latest release, and Debian 11. How can I fix it? Thanks to all.
 
You could create crm.tenant.ext as a new domain in the same subscription ("Add domain" button), but enter the same document root directory into it that tenant.myserver.ext uses. When crm.tenant.ext resolves to tenant.myserver.ext, it should be possible to issue a domain validated SSL certificate for it.
 
Check that there is a DNS A record entry for *.myserver.ext; if there is not, this could probably be the issue.
 
What? No, you don't need an A record for `*.myserver.ext`. I have done a similar thing myself.
I added a regular CNAME record for `crm.tenant.ext` in the DNS settings, and I just created a wildcard Let's Encrypt certificate for tenant.ext (which is `*.tenant.ext`).

It took one day until the certificate for the CNAME was in effect, but it works.
 
Wildcard works, and you specify the issue was with the CNAME, but when it's a domain I am going to use to create different applications and I don't know the names yet (crm.domain, support.domain, etc.), I like to create the DNS record A * domain so I am able to create subdomains on the fly and add SSL without the need for wildcard certificates.
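
An added example, not part of the thread: a TLS client validates the certificate against the name it was asked to open (crm.tenant.ext), not the CNAME target, which is why SSL_ERROR_BAD_CERT_DOMAIN appears. The sketch below applies the usual hostname-matching rules to constructed SAN lists for the setups discussed; the function names and SAN lists are assumptions made for illustration.

```python
# Added example: SAN lists are constructed, not read from real certificates.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """True if one dNSName SAN entry covers hostname."""
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False  # a wildcard stands for exactly one label
    if pattern[0] == "*":
        # Wildcard only as the whole leftmost label, never a bare "*.tld".
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern

def cert_covers(hostname, sans):
    """The client checks the requested name, not where the CNAME points."""
    return any(san_matches(hostname, s) for s in sans)

# Constructed SAN lists for the three setups mentioned in the thread.
CERTS = {
    "target only": ["tenant.myserver.ext"],
    "alias added as domain": ["crm.tenant.ext"],
    "wildcard": ["*.tenant.ext"],
}

def report(hostname):
    """Which of the constructed certificates would validate for hostname."""
    return {label: cert_covers(hostname, sans) for label, sans in CERTS.items()}

if __name__ == "__main__":
    for name in ("crm.tenant.ext", "tenant.ext", "a.crm.tenant.ext"):
        print(name, report(name))
```

Note that a `*.tenant.ext` certificate covers neither the bare `tenant.ext` nor names two levels down such as `a.crm.tenant.ext`.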
 