Is letsencrypt breaking my script?


#1

So, I have a problem …

I have a tracking script installed on a DigitalOcean server … it’s called CPVlab. It enables me to track clicks and gives me statistics on the click. What it does is catch info on a user and their behavior and it can rotate landing pages for split testing those landing pages. This is all done through internal redirects on the domain the script is installed on.

Let’s say it’s installed on : tracker.com

Another feature of the script is : I can enter an A record in the DNS I use and call it someothername.com and point it to the IP address of the tracker.com.

This way, one can use different domains (tracking domains) in order to not have the main installation domain visible. This helps with customizing the look of different marketing campaigns (you don’t want them all to look like : tracker.com/? querystuff)…

So here’s the problem : It all used to work fine without https:// … But after installing letsencrypt (through an easyengine command for both tracker.com as well as tracking domains) the explained feature doesn’t work anymore.

When using **http://**someothername.com as an A record pointing to tracker.com, the server shows me a 404 not found status. And when I use a **https://**someothername.com as an A record pointing to the script, it tells me the connection is not secure. This while both domains have https certificates and they work if I put them in the browser directly. (it will show https).

However when I don’t use this tracking domain feature and just use the plain https://tracker.com domain, it works perfectly.

Maybe this question is a bit far out, but does anyone have an idea if this is related to letsencrypt ? I added the certificates through EE a few months ago, and I know EE uses certbot. However I am thinking that this problem may have something to do with letsencrypt not supporting wildcards at the time of install. Maybe this tracking script is designed in some way that the main domain uses the tracking domains as some sort of sub domain ?

Anyone have an idea about this ? I am definitely STUCK here…

Thanks, Lex


#2

Hello, if you point another domain on the same IP as tracker.com, it will not work if your SSL certificate is only for tracker.com. But in this case, you don’t need a wildcard SSL certificate, but just SAN support to use multiple domains with the same SSL certificate.

Here is my article about using acme.sh to manually generate your SSL certificates with EE :


#3

Thanks for the reply … I will check it out … is this why I never had problems using a comodo positive ssl from namecheap ?


#4

If there was no issue with a cert from Comodo, that means there is another issue.


#5

It was a while ago, so I now installed the script again … no ssl … and with a no ssl tracking domain. … same type of problem… it gives me a 404 now …

any idea ?

UPDATE : ok … it also gives me the same error when I manually install the comodo SSL … well… .that’s it … I have no idea anymore …


#6

Okay … I solved it … it was very simple… There was no rewrite rule in the nginx config for other domain names than what site create put in there. I don’t know how I could have missed this, but I did…

In any case, it has nothing to do with letsencrypt … (which is a good thing). …

However does anyone know if the EE / Certbot command can issue a certificate that covers multiple domains ? Or multiple subdomains ?


#7

Okay that’s great. Yes, you can issue a certificate for several domains or subdomains. I use acme.sh instead of certbot for SAN certificates (multiple domains) because it’s easier especially to handle certificate renewal. You can follow the tutorial I have posted above. A quick example to issue a cert for 2 domains with acme.sh :

acme.sh --issue -d example.com -d www.example.com -d example2.com -w /var/www/html
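
The wildcard question from post #1 and the SAN answer in posts #2 and #7 come down to how a browser matches the requested hostname against the names in the certificate. The following is an added Python example, not code from any poster, EasyEngine, certbot or acme.sh; the function names and the three certificate name lists are constructed for illustration, using the hostnames from the thread.

```python
# Added example: hostname-to-certificate matching as a TLS client performs it
# (simplified RFC 6125 rules; no partial-label wildcards, no IDN handling).

def name_matches(pattern: str, host: str) -> bool:
    """Match one dNSName entry from a certificate against a hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Wildcard only as the whole left-most label, with at least
        # two fixed labels after it (so "*.com" is rejected).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(san_names, host):
    """True if any name in the certificate matches the hostname."""
    return any(name_matches(n, host) for n in san_names)


def uncovered(san_names, hosts):
    """Hostnames served from this IP that the certificate does not cover."""
    return [h for h in hosts if not cert_covers(san_names, h)]


# Hostnames whose A records point at the same server (names from the thread).
SERVED = ["tracker.com", "someothername.com"]

# Constructed certificate name lists:
SINGLE = ["tracker.com"]                     # main domain only
WILDCARD = ["tracker.com", "*.tracker.com"]  # wildcard for the main domain
SAN = ["tracker.com", "someothername.com"]   # one cert listing both names

if __name__ == "__main__":
    for label, names in (("single", SINGLE), ("wildcard", WILDCARD), ("SAN", SAN)):
        print(f"{label:9} cert leaves uncovered: {uncovered(names, SERVED)}")
```

A wildcard for tracker.com leaves someothername.com uncovered just as the single-name certificate does, because a wildcard only replaces one label under the same parent domain; only the certificate that lists both names covers every hostname pointed at the server.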

#8