ssl for wildcard subdomains

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • campimp
    Confirmed User
    • Jan 2007
    • 1340

    #1

    ssl for wildcard subdomains

    trying to build some sites after being away awhile, having trouble with SSL for wildcard subs

    I'm struggling to find a solution. I am starting with a VPS that has Hestia control panel, and SSL is turned on for domain.com, but I can't find how to make it work for wildcard.domain.com

    any tips would be greatly appreciated
  • money biz
    Confirmed User
    • Jan 2003
    • 1017

    #2
    I am pretty sure I done this in cloudflare.

    Comment

    • TheLegacy
      SEO RobertWarrenSEO.com
      • Apr 2003
      • 18096

      #3
      Originally posted by campimp
      trying to build some sites after being away awhile, having trouble with SSL for wildcard subs

      I'm struggling to find a solution. I am starting with a VPS that has Hestia control panel, and SSL is turned on for domain.com, but I can't find how to make it work for wildcard.domain.com

      any tips would be greatly appreciated
      For Hestia Control Panel, here are your options for wildcard SSL certificates:

      Using Let's Encrypt with DNS validation:
      • Log into your Hestia Control Panel
      • Go to the Web section and select your domain
      • Click on "Edit" for the domain
      • Under SSL Support, choose "Let's Encrypt"
      • Enable the "Use DNS verification method" option
      • Add a wildcard domain (*.domain.com) in the SSL Domains field
      • Follow the DNS validation instructions


      Using Cloudflare (as suggested):
      • Sign up for a Cloudflare account
      • Add your domain to Cloudflare
      • Update your nameservers to Cloudflare's
      • Enable the "Full" or "Full (strict)" SSL mode in Cloudflare
      • Create a Page Rule for *.domain.com with "SSL" set to "Full"
      • This will provide SSL for all subdomains without needing individual certificates


      Manual certificate installation:
      • Purchase a wildcard SSL certificate from a provider
      • Generate a CSR on your server
      • Upload the certificate files to Hestia
      • Install via Web > domain > Edit > SSL Support > Custom SSL


      If you're specifically looking to do this within Hestia without Cloudflare, the DNS validation method with Let's Encrypt is your best option as it supports wildcard certificates

      RobertWarrenSEO.com
      Telegram: @TheLegacy54

      Comment

      • campimp
        Confirmed User
        • Jan 2007
        • 1340

        #4
        Thank you,

        TheLegacy... i liked your option inside hestia, although I'm not seeing "Enable the "Use DNS verification method" option"
        I see:

        Enable domain redirection
        Enable SSL for this domain
        Use Let's Encrypt to obtain SSL certificate
        Enable automatic HTTPS redirection
        Enable HTTP Strict Transport Security (HSTS)

        Comment

        • TheLegacy
          SEO RobertWarrenSEO.com
          • Apr 2003
          • 18096

          #5
          Originally posted by campimp
          Thank you,

          TheLegacy... i liked your option inside hestia, although I'm not seeing "Enable the "Use DNS verification method" option"
          I see:

          Enable domain redirection
          Enable SSL for this domain
          Use Let's Encrypt to obtain SSL certificate
          Enable automatic HTTPS redirection
          Enable HTTP Strict Transport Security (HSTS)


          You're right, the DNS verification option might not be directly visible in your version of Hestia. There's another possible approach you can try for setting up wildcard SSL in Hestia:

          • First, check your Hestia version - newer versions have better support for wildcard certificates.

          • For wildcard SSL with Let's Encrypt in Hestia:
          - Enable "SSL for this domain"
          - Check "Use Let's Encrypt to obtain SSL certificate"
          - In the "SSL Domains" field (which may appear after selecting Let's Encrypt), add both your domain.com and *.domain.com
          - Save the changes

          • If the above doesn't work directly through the UI, you can use the command line approach:

          Code:
          v-add-letsencrypt-domain user domain.com '*.domain.com' dns
          Replace "user" with your Hestia username and "domain.com" with your actual domain.

          • If you don't see the wildcard option working through the UI, you might need to:
          - Access your server via SSH
          - Run the Let's Encrypt command manually with the --manual and --preferred-challenges=dns options
          - Follow the DNS TXT record verification steps
          - Import the resulting certificate into Hestia

          • Alternatively, some users install the Hestia DNS Server plugin which can make the DNS verification process smoother for wildcard certificates.

          If these steps don't work with your current Hestia setup, the Cloudflare method mentioned earlier is often the simplest workaround for wildcard SSL support.

          Hope that helps and good luck with everything

          RobertWarrenSEO.com
          Telegram: @TheLegacy54

          Comment

          • campimp
            Confirmed User
            • Jan 2007
            • 1340

            #6
            I tried Cloudflare as mentioned, and it is working perfectly.

            Thank you guys

            In your experience, do you think there is any material SEO impact of using Cloudflare nameservers?

            Comment

            • TheLegacy
              SEO RobertWarrenSEO.com
              • Apr 2003
              • 18096

              #7
              Originally posted by campimp
              I tried Cloudflare as mentioned, and it is working perfectly.

              Thank you guys

              In your experience, do you think there is any material SEO impact of using Cloudflare nameservers?
              From what I've seen, there's really no negative SEO impact from using Cloudflare nameservers. If anything, it might actually help a bit.

              I've moved several sites to Cloudflare over the years and never saw rankings drop because of it. The speed improvements from their CDN can actually give you a small boost since page speed is a ranking factor.

              Back in the early days (like 2011-2012), there were some crawler issues, but Cloudflare worked directly with Google to fix those problems. These days search engines handle Cloudflare sites without any issues.

              Most case studies I've read show either no change or slight improvements after switching. The faster DNS resolution times and added security (preventing downtime from attacks) are nice bonuses too.

              Google's totally fine with Cloudflare now - it's become so common that search engines have fully adapted to it. So I wouldn't worry about any SEO penalties from making the switch.

              RobertWarrenSEO.com
              Telegram: @TheLegacy54

              Comment

              • campimp
                Confirmed User
                • Jan 2007
                • 1340

                #8
                Thank you again for your time, it helped a lot, have a good week!

                Comment

                • natkejs
                  Confirmed User
                  • Jan 2003
                  • 1640

                  #9
                  One major benefit of using Cloudflare is also that you can do backend changes without negative effect on SEO.

                  I recently moved some sites between hosts, and there was a clear difference between sites that had their IPs changed vs those who moved seamlessly behind Cloudflare.

                  Unfortunately Cloudflare does not support wildcard domains for the proxy services unless you pay for an Enterprise account.

                  So any wildcard domain will have the real IP exposed.

                  Comment

                  • natkejs
                    Confirmed User
                    • Jan 2003
                    • 1640

                    #10
                    Originally posted by natkejs
                    One major benefit of using Cloudflare is also that you can do backend changes without negative effect on SEO.

                    I recently moved some sites between hosts, and there was a clear difference between sites that had their IPs changed vs those who moved seamlessly behind Cloudflare.

                    Unfortunately Cloudflare does not support wildcard domains for the proxy services unless you pay for an Enterprise account.

                    So any wildcard domain will have the real IP exposed.
                    I went to double check on this, and it seems that they've changed this policy at some point in time which I have managed to completely overlook. Proxying for wildcard domains is now available for all plans.

                    Leaving the post up just in case someone else had the same wrong data based on previous policies.

                    Comment

                    • 2MuchMark
                      Mark of 2Much.net
                      • Aug 2004
                      • 50991

                      #11
                      Originally posted by TheLegacy
                      You're right, the DNS verification option might not be directly visible in your version of Hestia. There's another possible approach you can try for setting up wildcard SSL in Hestia:

                      • First, check your Hestia version - newer versions have better support for wildcard certificates.

                      • For wildcard SSL with Let's Encrypt in Hestia:
                      - Enable "SSL for this domain"
                      - Check "Use Let's Encrypt to obtain SSL certificate"
                      - In the "SSL Domains" field (which may appear after selecting Let's Encrypt), add both your domain.com and *.domain.com
                      - Save the changes

                      • If the above doesn't work directly through the UI, you can use the command line approach:

                      Code:
                      v-add-letsencrypt-domain user domain.com '*.domain.com' dns
                      Replace "user" with your Hestia username and "domain.com" with your actual domain.

                      • If you don't see the wildcard option working through the UI, you might need to:
                      - Access your server via SSH
                      - Run the Let's Encrypt command manually with the --manual and --preferred-challenges=dns options
                      - Follow the DNS TXT record verification steps
                      - Import the resulting certificate into Hestia

                      • Alternatively, some users install the Hestia DNS Server plugin which can make the DNS verification process smoother for wildcard certificates.

                      If these steps don't work with your current Hestia setup, the Cloudflare method mentioned earlier is often the simplest workaround for wildcard SSL support.

                      Hope that helps and good luck with everything

                      Comment

                      Working...