Issue Redirect all undefined subdomains to main domain not working

Azurel

Silver Pleskian
I want to redirect all undefined subdomains to www.example.com. So I have added the following to my Apache settings for "example.com" in "Additional directives for HTTPS":
ServerAlias *.example.com
<Directory /var/www/vhosts/example.com/httpdocs>
AllowOverride None
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
</Directory>

But instead of redirecting abc.example.com to www.example.com, my browser shows me the URL abc.example.com with the error NET::ERR_CERT_AUTHORITY_INVALID
In DNS I have a wildcard "*" entry for the server IPs. Am I missing a point here, or is it necessary to create a wildcard domain?

CentOS Linux 7.7.1908 (Core) / Plesk Obsidian 18.0.26
 
  1. Create example.com in Plesk
  2. Set preferred to www.example.com for example.com
  3. Create "*" (wildcard) subdomain *.example.com, which points to httpsdocs of example.com
  4. If you got subdomains defined like smtp.example.com, they will work like normal. If non-existent subdomains are chosen, e.g. 123-321.example.com, they will go to example.com, which rewrites to www.example.com
  5. Voilà
See also:

 
Thanks, but exactly that was my question. ;)
Is it or is it not necessary to create a wildcard domain? It looks like overhead to create a subdomain only for a simple redirect to the main domain.

But I tested it with an extra *.example.com subdomain. Still I get the same result in the browser:

NET::ERR_CERT_AUTHORITY_INVALID
Subject: Parallels Panel
Issuer: Parallels Panel
Expires on: 07.11.2017
Current date: 21.04.2020

So I continue to assume that there is a mistake somewhere else.
Especially why:
Issuer: Parallels Panel
Expires on: 07.11.2017
 
I assumed you do have a current wildcard ssl certificate?

When connecting, the SSL certificate is first:
  1. Connect to e.g. 123.example.com, which is subdomain covered by *.example.com
  2. Client connects to 123.example.com. Server internally redirects to certificate of example.com
  3. SSL handshake incl certificate (aka needs a valid wildcard certificate for *.example.com). If certificate is not valid, then self-signed is used.
  4. Now connected to 123.example.com on httpdocs of example.com

Bottom line: you need to read the above article and make sure you got a valid wildcard certificate for example.com, which is also set for *.example.com :) (but should be automatically anyways).
 
Thanks for your patience and yes I have added SSL to wildcard domain. In main domain click on "SSL/TLS Certificates" and "Reissue Certificate"-button and select "Secure the wildcard domain". It shows:
Wildcard SSL/TLS certificate
*.example.com is "Secured"
Command dig -t txt _acme-challenge.example.com +short shows me the correct TXT value for _acme-challenge.

But in browser a random subdomain shows me this
NET::ERR_CERT_AUTHORITY_INVALID
Subject: Parallels Panel
Issuer: Parallels Panel
Expires on: 07.11.2017
Current date: 21.04.2020
For *.example.com I can only "upload" an additional certificate.

So I don't get it. ^^°
 
  1. The ACME challenge is only to issue the certificate.
  2. Did you check the certificate on Example Domain? Reviewing the certificate should show "*.example.com" and "example.com".
  3. Like in the article: create the subdomain "*.example.com" but pointing to the homedir of "example.com". You should have the same certificate in "*.example.com" like in "example.com". If not it must be selectable. Or else you made a mistake along the road...
If you are sure you did everything right and the problem persists, by then you should post the URL.
 
Certificate in Chrome said
CN = example.com

DNS-Name=*.example.com
DNS-Name=example.com

www.ssllabs.com/ssltest/analyze.html said for "test.example.com" = "Certificate name mismatch"

In subscription "*.example.com" is a LetsEncrypt certificate, the same in "example.com":
Domain name = example.com

But for the wildcard it should be (so I think)
Domain name = *.example.com
Because when creating a new one, it's recommended as *.example.com
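
Added example, not part of any post in this thread: a small Python check that applies the client-side wildcard matching rule to the two certificates reported above. It shows that the Let's Encrypt certificate would cover test.example.com, so the "Parallels Panel" certificate seen in the browser must have been served by a different server block. The function names, the empty SAN list, the issuer string and the 2020 expiry date are constructed for illustration.

```python
from datetime import date

def san_matches(pattern, host):
    """Wildcard rule used by TLS clients: '*' must be the entire
    left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def problems(host, cert, today):
    """List the reasons a client would reject `cert` for `host`."""
    found = []
    if not any(san_matches(s, host) for s in cert["sans"]):
        found.append("name-mismatch")
    if cert["subject"] == cert["issuer"]:
        found.append("self-signed")
    if cert["not_after"] < today:
        found.append("expired")
    return found

def verdict(host, served, configured, today):
    """Compare the certificate seen on the wire with the one assigned in the panel."""
    if not problems(host, served, today):
        return "ok"
    if served != configured and not problems(host, configured, today):
        return "wrong-vhost"  # assigned cert is fine; another server block answered
    return "bad-certificate"

# Values from the thread; fields marked 'constructed' are not on the page.
SERVED = {"subject": "Parallels Panel", "issuer": "Parallels Panel",
          "sans": [],                      # constructed
          "not_after": date(2017, 11, 7)}  # "Expires on: 07.11.2017"
CONFIGURED = {"subject": "example.com",
              "issuer": "Let's Encrypt",   # constructed issuer string
              "sans": ["*.example.com", "example.com"],
              "not_after": date(2020, 7, 1)}  # constructed
TODAY = date(2020, 4, 21)                  # "Current date: 21.04.2020"

if __name__ == "__main__":
    for name in ("test.example.com", "a.b.example.com"):
        print(name, problems(name, SERVED, TODAY),
              verdict(name, SERVED, CONFIGURED, TODAY))
```

A "wrong-vhost" result points at the web server's name-based virtual host selection rather than at the certificate itself; a two-label name such as a.b.example.com is not covered by *.example.com at all.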
 
It's getting weird. Seems we found a bug.

Just yesterday I secured a domain with a wildcard domain and had it all work. Now the nginx "randomizer" kicks in, in default config. So when connecting to a non-existent domain, the nginx server doesn't catch the wildcard, but instead a random other domain. Usually the server itself.

Back to testing. You have nginx edge too?
 
I do not know what "edge" means, but I use nginx too. Enabled in Apache & nginx Settings as:
- Proxy mode
- Smart static files processing
 
Ok so I don't see any nginx directive, where a server listens

Ok we got a similar config.

@IgorG we got a problem here. Seems we found a bug - can you take a look?

  1. Configured *.example.com subdomain according to the documentation.
  2. Yesterday I know for sure the wildcard worked for frontend, but Plesk backend listed errors under SSL/TLS/Let's Encrypt icon. (fixed later or similar)
  3. Today the error under the SSL/TLS icon is gone, but the wildcard doesn't work for frontend anymore.
Weird findings:
  • I refreshed all configs for web servers
  • I can't see any nginx server listen directive under vhosts, which grabs "*.example.com" - nada, nothing
  • I added a directive under nginx, leading to a forward to Apache.
  • Apache apparently doesn't grab the domain "*.example.com" either. So I need to rewrite Apache listen directive too.
Bottom line: the last update broke above behaviour (according to the documentation) for wildcard subdomains.

In my case: CentOS 7.5, Obsidian 18.0.26, web host edition
 