Let's Encrypt wildcard cert not valid for base domain - self-signed Cloudron cert used instead
-
Greetings!
I am pretty new to Cloudron - therefore first of all a very big thank you for the incredibly valuable product, highly appreciated.
I have just set up an instance of NextCloud at 'nxtcld.drbigman.org' - with domain 'drbigman.org' provided by porkbun. So far everything is working perfectly fine.
However, when accessing base domain 'drbigman.org', a security warning is displayed and self-signed certificate (as provided for setup of my.drbigman.org from Cloudron) needs to be accepted.
This issue is somewhat similar to the one described at https://forum.cloudron.io/topic/8270/lets-encrypt - however, in my case there is not even any web service configured for the base domain.
As already mentioned: not a real problem at all. Besides showing a warning when accessing base domain, other effects include e.g. that SSL Server Test (https://www.ssllabs.com/ssltest/) will complain about a certificate mismatch when checking base domain (checking 'my.drbigman.org' returns perfect A+ for both IPv4/6).
However, when I checked the Let's Encrypt wildcard certificate as correctly used for 'nxtcld.drbigman.org', I noticed that it appears to only be issued for (wildcard) domains *.drbigman.org - but not in addition for 'drbigman.org', correct?
IIRC, wildcard '*.drbigman.org' does not include base domain 'drbigman.org' itself - but only subdomains. Therefore similar 'plain vanilla' certificates are frequently issued for '*.drbigman.org, drbigman.org' - so that they also apply for the base domain.
As recommended in ticket mentioned above, I have also renewed all certs thru dashboard - however, problem remains the same.
Is there a certain reason, why LE cert is not issued for '*.drbigman.org, drbigman.org' - or may I have configured something incorrectly?
Many thanks in advance for your support and advice.
-
In DNS, example.com is separate from app.example.com, app2.example.com and even www.example.com. One has to set up example.com manually to serve something. The usual approach is that one has a website at www.example.com, then you can set up example.com to redirect to the other domain. See https://docs.cloudron.io/apps/#redirections
This is how https://www.cloudron.io behaves. https://cloudron.io will redirect to the www subdomain.
-
-
Hi @girish, hi @nebulon. Many thanks for perfect explanation, hope to have got that. Have now configured as explained above and apex domain does now also produce perfectly valid cert signed by LE.
Many thanks also for impressively quick response during weekend - appreciated.
-
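The wildcard behaviour discussed in this thread, as an added example that is not part of any post and is not Cloudron's code: a simplified RFC 6125-style check of which hostnames a certificate's SAN entries cover. The SAN lists and the helper names (`san_matches`, `uncovered`) are constructed for illustration, based on the names mentioned in the first post.

```python
# Added example: simplified RFC 6125-style matching of hostnames against
# a certificate's SAN dNSName entries. Helper names are hypothetical.

def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(pattern: str, hostname: str) -> bool:
    """True if one SAN entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so "*.example.com"
        # covers neither "example.com" nor "a.b.example.com".
        return False
    if p[0] == "*":
        # Simplification: require two fixed labels after the wildcard
        # (real clients consult the public suffix list instead).
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    # No wildcard (or a partial one such as "f*"): exact match only.
    return p == h


def uncovered(hostnames: list[str], sans: list[str]) -> list[str]:
    """Hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


# Constructed sample data, modelled on the names in the first post.
HOSTS = ["nxtcld.drbigman.org", "my.drbigman.org",
         "drbigman.org", "a.b.drbigman.org"]
WILDCARD_ONLY = ["*.drbigman.org"]
WILDCARD_PLUS_APEX = ["*.drbigman.org", "drbigman.org"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_PLUS_APEX)):
        print(f"{label}: not covered -> {uncovered(HOSTS, sans)}")
```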