Let's Encrypt for main server domains

robetus

I don't see anything in the docs or in the control panel to show how to add let's encrypt certs to the primary server domains. Do I need to install certbot or acmesh on the server to install certs or does enhance do this automatically somehow? All the server domains have been added but they are only using self assigned certs not let's encrypt certs.

Aliysa_Enhance

robetus Hi, Enhance will automatically request a Let's Encrypt certificate if the server domain's DNS is delegated to your Enhance cluster. If you are using external DNS it's not possible to automatically assign a Let's Encrypt but you can upload a certificate manually.

robetus

"We" as in your company will? Or are you saying the server will automatically request the let's encrypt cert? The DNS is delegated to the Enhance server, I'm only using it on one server right now and no let's encrypt cert has been automatically installed.

Aliysa_Enhance

robetus Apologies, I mean Enhance (update above.) Can you please raise a support ticket with your domain name and we'll take a look at this for you?

robetus

The A record for the domain/IP address is on a different server. Can I install certbot on the enhance server and issue an auto renew cert like that for the main server domains?

Adam

For server domains (under the "servers" section), the DNS needs to be delegated to your Enhance DNS for automatic LetsEncrypt to work. This is because server domains use DNS validation since the target server may not be running a web server if it's just doing email.

Website SSL uses HTTP validation and therefore the DNS can be external, the A record just needs to point to the right server.

If you're not ready to change the DNS yet, you can request the certificate and do the validation manually using certbot or similar tools then upload the completed certificate to Enhance. However it won't auto renew until the DNS is updated.

robetus

A Let's Encrypt cert has been assigned to my main enhance server domain now. The A and AAAA records were entered on a different DNS server other than enhance server and Let's Encrypt auto assigned a cert with enhance. It took a while, probably a few hours to 24 hours but it worked. I've added A records for my other server domains such as phpmyadmin and webmail and I'm waiting for enhance to assign a Let's Encrypt cert to them. Thanks for the support. Great app so far, I'm excited to get to know it better.

Let me know if I should make a new thread for this but are you planning on adding apps other than wordpress and woocommerce for a domain install? Such as laravel and nodejs? Would be great to see that.

robetus

The phpmyadmin domain is not being secured even though it has proper DNS entries.

mendozal

robetus I believe you need to delegate the whole domain to your enhance server in order for service URLs to get certificates.

If you only point those subdomains with A records from another name server it won’t work automatically, you’ll need to manually install a certificate.

I think the Roadmap has something about this for the future.

robetus

Okay but I'm trying think on how the main domain has been secured without have to delegate to my enhance server. My main enhance server domain is a subdomain with only an A record on another a different DNS server.

mendozal

robetus In my instance, the phpmyadmin address shows as a website and has a letsencrypt certificate. But I have delegated the whole domain to it.

Maybe you should open a ticket so they can take a look.

kyzoeadmin

I would recommend tonopen a ticket. The support is awesome and blazing fast. Love the support team.

necrom

Is the complete delegation of DNS still a requirement in the latest or future enhance letsencrypt? I didn't really want to fully delegate the primary sales website to the nameservers it is selling on because if we ever had a problem with the clusters DNS the website I'd want to communicate the service notice on would be unavailable.