#13686 closed Question/How do I...? (fixed)

change subdomain, development site to HTTPS?

Reported by: https://id.mayfirst.org/cpasf Owned by: https://id.mayfirst.org/jaimev
Priority: Medium Component: Tech
Keywords: https Cc: william@…
Sensitive: no


Hello everyone

Is it possible to set up a subdomain site with HTTPS? We are working on the new CPA site, which has a development URL: dacdev.cpasf.org and has been configured on a separate Hosting services than their live cpasf.org. Is it possible to set up the development site as HTTPS without affecting the main URL? When we try to change the port from HTTP to auto under the Web Configuration we get this message: Before switching to auto, please remove or change any mayfirst.org subdomains (e.g. you.mayfirst.org) from both your ServerName and ServerAlias.


Change History (7)

comment:1 Changed 11 months ago by https://id.mayfirst.org/jaimev

  • Owner set to https://id.mayfirst.org/jaimev
  • Status changed from new to assigned

Ah yes, that message refers to any mayfirst.org subdomains you have listed in your web configuration. Those need to be removed but you can use any cpasf.org subdomains , just check to make sure there are DNS records for those domains and that they are pointing to the correct server.

comment:2 Changed 11 months ago by https://id.mayfirst.org/cpasf

Thanks Jaime. I was able to change the web configuration port to Auto. I'm not sure about the DNS record but I see one dns type MX and three A types. The MX has a server name ella.mayfirst.org. Now when I go to the site I get an error: NET::ERR_CERT_COMMON_NAME_INVALID. This is also the error we are getting in firefox: {{{Your connection is not secure The owner of dacdev.cpasf.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.}}} Do you know what may be happening?

comment:3 Changed 11 months ago by https://id.mayfirst.org/jaimev

A type records direct domains to websites and other services. MX records are used to direct domains to the correct server for mail delivery. So you do need to create A records for any subdomains you want to use in your web configuration, however it looks you have both names you need setup. You should be able to set the the web configuration to auto now but in practice it can take some time for DNS changes to propagate and I see those DNS records were just changed today. I would wait another hour or so before attempting the transition again. The web configuration should not display any errors if certificate generation is successful. If it does let me know and I can check it out.

comment:4 Changed 11 months ago by https://id.mayfirst.org/cpasf

Thanks for the info. Yesterday around 5pm I changed the web configuration to use the auto port and now when I checked the site there is still an error. Here is the error

This server could not prove that it is dacdev.cpasf.org; its security certificate is from ella.mayfirst.org. This may be caused by a misconfiguration or an attacker intercepting your connection.

I'm guessing the DNS configuration is not right. I didn't set them up when we created this hosting.

comment:5 Changed 11 months ago by https://id.mayfirst.org/jaimev

I think I've figured out the problem. Our control panel uses the Lets Encrypt certbot software to perform a "dry-run" before creating the actual certificate. The LetsEncrypt staging server is down for maintenance right now causing this process to fail on our end. I think we will have to wait until they are back up to complete the process.

comment:6 Changed 11 months ago by https://id.mayfirst.org/cpasf

Yes! I can see it working without errors now. We will need to do the same to the main URL once this development version is ready to go live but for now we are good :) Thanks a lot!

comment:7 Changed 11 months ago by https://id.mayfirst.org/jaimev

  • Resolution set to fixed
  • Status changed from assigned to closed

Great let me know if you need anything else.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.