I'm building an app in Laravel that has a single codebase that will serve multiple domain names. A new domain can be added in the CMS, and all that should have to be done for that new domain to work is have its records pointed to the server. The CMS itself will then display the appropriate pages for that domain, based on the request()->getHost(); function.

The app is being managed with Laravel Forge.

My question is regarding nginx and LetsEncrypt: I would like all new domains added in this way to be secured via SSL. Would every new domain need to be added to Forge manually, or is there some way to allow a wildcard TLD in the certificate? (And if so, is that a security risk?)

Will nginx require some specific configuration to work with wildcard TLDs?

My aim is to avoid additional configuration and have it automatic, with the domain name simply being added to the backend.

Thanks!

1 Answer

Please follow the steps. Hope it will work for you.

1 - First, clone the Letsencrypt/Certbot repo from GitHub

cd /opt
git clone https://github.com/certbot/certbot.git

2 - Now enter the newly created directory and run the certificate bot

cd certbot
./letsencrypt-auto certonly --manual --preferred-challenges=dns --email mymail@gmail.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.mywebsite.com'

3 - Now Certbot will ask for a DNS record to check whether you really have rights to this domain.

------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.mywebsite.com with the following value:

5GFgEqWd7AQrvHteRtfT5V-XXXXXXXXXXXXXX

Before continuing, verify the record is deployed.
------------------------------------------------------------------
Press Enter to Continue

4 - After adding this DNS TXT record to your domain, wait a few seconds, then press Enter to continue.

5 - Your certificate is ready!

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mywebsite.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mywebsite.com/privkey.pem
   Your cert will expire on 2018-08-22. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

6 - Now we will copy our fullchain.pem and privkey.pem to our Nginx folder and add them to our Nginx server configuration. For example:

server {
   listen 443 ssl;
   server_name test.mywebsite.com;
   # Certificate chain and private key copied from /etc/letsencrypt/live/mywebsite.com/
   ssl_certificate /etc/nginx/ssl/fullchain.pem;
   ssl_certificate_key /etc/nginx/ssl/privkey.pem;
   ssl_trusted_certificate /etc/nginx/ssl/fullchain.pem;
   # ...
}

Hope it will be helpful.

Amit Kumar PRO
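
An added example, not part of the answer above: a shell check of which hostnames a certificate issued for `*.mywebsite.com` covers, so that domains added in the CMS can be sorted into those already covered and those that need their own certificate. The function names and the sample domain list are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the answer). Domain names below are constructed.
# Rule applied: in a certificate name, "*" stands for exactly one
# left-most DNS label (RFC 6125), so "*.mywebsite.com" is not a catch-all.

# san_matches HOST NAME: exit 0 if certificate name NAME covers HOST
san_matches() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); host=${host%.}
    pat=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pat" in
        '*.'*)
            suffix=${pat#?}                 # "*.mywebsite.com" -> ".mywebsite.com"
            case "$host" in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;
            esac
            case "$label" in
                ''|*.*) return 1 ;;         # empty, or more than one label
                *) return 0 ;;
            esac ;;
        *) [ "$host" = "$pat" ] ;;
    esac
}

# cert_covers HOST NAME...: exit 0 if any certificate name covers HOST
cert_covers() {
    target=$1; shift
    for san in "$@"; do
        san_matches "$target" "$san" && return 0
    done
    return 1
}

# uncovered NAME...: read hostnames on stdin, print those needing another cert
uncovered() {
    while IFS= read -r h; do
        [ -n "$h" ] || continue
        cert_covers "$h" "$@" || printf '%s\n' "$h"
    done
}

# Constructed list of domains as they might be added in the CMS.
printf '%s\n' test.mywebsite.com mywebsite.com a.b.mywebsite.com shop.customer.example |
    uncovered '*.mywebsite.com'
```

The names on a real certificate can be read with `openssl x509 -in fullchain.pem -noout -ext subjectAltName` and passed to `uncovered` in place of the quoted wildcard.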