0

We are trying to point domain to sub doamins *.com --> *.zeineldin.link for example https://www.asrevo.com --> https://petman.zeineldin.link

We need to support all domains, not a few domains

for example like github when you point cname to your repo in github

we are facing ssl problems that the certificate is not validenter image description here

actually we are trying to make it dynamic not only for those domains we are using AWS alb, spring-cloud-gateway as proxy for domain routing

tinlyx
  • 119
  • 8
ashraf revo
  • 101
  • 3

2 Answers2

0

You need a certificate for www.asrevo.com.

The certificate should match what's in the URL field of your browser.

Cnames operate at the DNS layer. They are not HTTP redirects.

vidarlo
  • 6,654
  • 2
  • 18
  • 31
  • yes how to do this , i need to handle all domain not only www.asrevo.com, like github when you add cname to your repo @vidarlo – ashraf revo Mar 27 '22 at 12:11
  • You can get a wild card certificate for e.g *.asrevo.com. If it's not subdomains of a name you control, you'll have to get certificates that covers the name. One cert can cover many names. ACME protocol ensures that you can get a valid certificate for a new name in seconds. – vidarlo Mar 27 '22 at 12:18
  • i know you can have many domain in one certificate , but think a bit do you think github renew its certificate every point to a repo adding domain to there certificate, and they have millions of domain in there one certificate – ashraf revo Mar 27 '22 at 12:26
  • They pretty much have to. The only other way would be to become a CA, and just issue a valid certificate on request - but that would probably breach the CAB guidelines... And they don't have millions in one cert, but spread out over various certs. For subdomains of domains they control, they probably use wildcard certs. – vidarlo Mar 27 '22 at 12:35
0

you have to write a code that generate ssl certificate for every new domain , and store those in s3 and server memory , and configure your server to load ssl certificate based on request domain

ashraf revo
  • 101
  • 3
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jul 18 '22 at 08:50
  • That won't be a valid certificate unless you're an CA. – vidarlo Feb 16 '23 at 13:35