Question

Adding alias domains with SSL to my website

Posted on December 28, 2023
Apache DNS
Asked by Jason Morehead

I recently registered a new domain that I’d like to add as an alias to my website. I’ve added the new domain to my project but I’m a little confused as to how to configure it as an alias.

I added a CNAME record for the new domain that points to the current domain, as per this article. However, when I access the new domain, my browser returns an “ERR_CERT_COMMON_NAME_INVALID” error. I assume this means that a valid SSL certificate needs to be added for the new domain.

Does this mean that I need to add a Let’s Encrypt SSL certificate for the new domain, like I did for the old one when I created the site? Or do I replace the site’s existing Let’s Encrypt certificate with a brand new one that includes both domains?

FWIW, my droplet is running Ubuntu 20.04 and uses Apache.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev

Site Moderator

• December 28, 2023

Accepted Answer

Hi there!

Let’s start by identifying the root cause. The ERR_CERT_COMMON_NAME_INVALID error indicates a mismatch between your SSL certificate and the new domain. It’s essential to ensure that your SSL certificate acknowledges your new domain, similar to adding an authorized guest to an exclusive list.

Configuring Apache for the New Domain Alias: Now, let’s focus on updating your Apache configuration to recognize the new domain:

Access your Apache virtual host configuration file, typically located at /etc/apache2/sites-available/your-config-file.conf.
Within this file, locate the ServerName directive, which specifies your primary domain. Directly beneath it, insert ServerAlias your-new-domain.com. This directive instructs Apache to treat requests for your new domain as if they were for the primary domain.
Save your modifications and exit the editor. This step integrates your new domain into the Apache configuration.

Testing Configuration and Restarting Apache: It’s crucial to validate the changes and ensure Apache is running smoothly:

Execute sudo apache2ctl configtest. This command performs a syntax check of your Apache configuration files. A “Syntax OK” message indicates that the configuration is error-free.
Provided the configuration test passes, proceed to restart Apache using sudo systemctl restart apache2. This action applies the new configuration settings.

Expanding the SSL Certificate with Certbot: The final step involves updating your SSL certificate to include the new domain:

Run the command sudo certbot --expand -d existingdomain.com -d newdomain.com. This instructs Certbot to update your existing SSL certificate to cover the new domain.
Follow the on-screen prompts provided by Certbot to complete the process.
Upon completion, your SSL certificate should now encompass your new domain, ensuring secure connections.

Let me know how it goes!

Best,

Bobby

KFSys

Site Moderator

• December 28, 2023

Heya,

Here’s what you need to do:

Update SSL Certificate for Both Domains: You don’t necessarily need to replace your existing SSL certificate; you can update it to include the new domain. This process involves generating a new certificate that covers both your original domain and the new alias.
Using Let’s Encrypt for Multiple Domains: Since you’re already using Let’s Encrypt, you can use it to generate a certificate that covers both domains. This is done using the certbot command with both domains specified.

Here’s a step-by-step guide:

Step 1: Update Apache Configuration

Ensure that your Apache configuration for the site includes the new domain as a ServerAlias.
For example, in your site’s configuration file (/etc/apache2/sites-available/your-site.conf), add:

ServerAlias newdomain.com

Step 2: Generate a New SSL Certificate

Run Certbot with both domains specified. The command would look something like this:

sudo certbot --apache -d existingdomain.com -d newdomain.com

This command tells Certbot to obtain a certificate that covers both your original domain and the new one.
Follow the prompts to complete the process.

Step 3: Verify Apache Configuration

After obtaining the certificate, Certbot usually updates the Apache configuration automatically. However, it’s good practice to check.
Ensure the SSLCertificateFile and SSLCertificateKeyFile directives in your Apache configuration are pointing to the new certificate files.

Step 4: Restart Apache

Once everything is set up, restart Apache to apply the changes:

sudo systemctl restart apache2

Step 5: Test Your Configuration

After restarting Apache, test both the original and new domains in your web browser to ensure they are serving over HTTPS without errors.
You can also use an SSL checker online to verify that both domains are covered by the SSL certificate.

Remember, every time you renew your SSL certificate with Let’s Encrypt, both domains will be included. It’s essential to keep your SSL certificates up to date to avoid any security warnings or accessibility issues with your site.