[fpc-devel] Let's Encrypt cert and mantis.freepascal.org

Sven Barth pascaldragon at googlemail.com
Thu May 4 19:57:21 CEST 2017


On 03.05.2017 09:06, Michael Van Canneyt wrote:
> 
> 
> On Wed, 3 May 2017, Tomas Hajny wrote:
> 
>> On Wed, May 3, 2017 00:33, Michael Van Canneyt wrote:
>>> On Tue, 2 May 2017, Martin wrote:
>>>> On 02/05/2017 22:59, Michael Van Canneyt wrote:
>>>>>
>>>>>> That's probably good as the fastest / short-term solution, but as
>>>>>> long as
>>>>>> both DNS records are valid and point to the same IP address (and http
>>>>>> access to both is redirected to the https version), the certificate
>>>>>> should
>>>>>> cover both domain names as well.
>>>>>
>>>>> That mayb be so, but I have no idea how to do this.
>>>>> As far as I know, lets encrypt does not support wildcard certificates.
>>>>
>>>> I would think you need 2 individual certs.
>>>>
>>>> Since both domains are on the same IP, the server must support SNI (but
>>>> most servers do).
>>>>
>>>> Then have 2 virtual hosts, one for each domain. Each using the correct
>>>> cert for its domain.
>>>> The rest of the virtualhosts will be a copy of each other (or including
>>>> the same include file)
>>>
>>> I will see if this is a possibility.
>>
>> As far as I can see, having a certificate for multiple domain names seems
>> perfectly possible with Let's Encrypt - see
>> https://www.digitalocean.com/community/tutorials/how-to-set-up-let-s-encrypt-certificates-for-multiple-apache-virtual-hosts-on-ubuntu-16-04,
>>
> 
>> or
>> https://community.letsencrypt.org/t/host-multiple-domains-with-a-single-certificate/20917/2
>>
>> - there's no need for wildcards, just for the complete list of valid
>> domain names you want to cover.
> 
> I'll try this for mantis/bugs first.

Maybe you'll also want to do this for svn.freepascal.org (and
svn2.freepascal.org?) as at least my PowerBook complained about the
mismatched URL (aside from the root certificate not being trusted :P )

Regards,
Sven




More information about the fpc-devel mailing list