[fpc-devel] Let's Encrypt cert and mantis.freepascal.org

Tomas Hajny XHajT03 at hajny.biz
Wed May 3 00:52:58 CEST 2017

On Wed, May 3, 2017 00:33, Michael Van Canneyt wrote:
> On Tue, 2 May 2017, Martin wrote:
>> On 02/05/2017 22:59, Michael Van Canneyt wrote:
>>>> That's probably good as the fastest / short-term solution, but as
>>>> long as
>>>> both DNS records are valid and point to the same IP address (and http
>>>> access to both is redirected to the https version), the certificate
>>>> should
>>>> cover both domain names as well.
>>> That mayb be so, but I have no idea how to do this.
>>> As far as I know, lets encrypt does not support wildcard certificates.
>> I would think you need 2 individual certs.
>> Since both domains are on the same IP, the server must support SNI (but
>> most servers do).
>> Then have 2 virtual hosts, one for each domain. Each using the correct
>> cert for its domain.
>> The rest of the virtualhosts will be a copy of each other (or including
>> the same include file)
> I will see if this is a possibility.

As far as I can see, having a certificate for multiple domain names seems
perfectly possible with Let's Encrypt - see
- there's no need for wildcards, just for the complete list of valid
domain names you want to cover.

BTW, the certificate used for www.freepascal.org should include plain
freepascal.org, because an access to http://freepascal.org results in a
security complaint from the browser now.


More information about the fpc-devel mailing list