
Automate SSL on Dynamic Generated Subdomain

I'm currently building a student feedback system for schools, but I got stuck implementing SSL automatically on dynamically created subdomains.

For example, when a visitor creates an account on typeform.com or wordpress.com, they instantly get a subdomain like user.typeform.com or site1.wordpress.com. An SSL certificate is installed automatically, and the subdomain starts showing the "Secure (https)" lock in the address bar within a second of creation.
This process goes on for every user-generated random subdomain.

How can I implement this on my site? If anyone knows of a detailed blog post that covers this, or a service that can do this, let me know.
Thanks!

  1. 7

    You can look at Render.com. They offer it natively. I recently used it to build custom domain and CNAME for my customers. Let me know if you need any help. Happy to answer.

    1. 2

      Thanks, I didn't know about this service. I will come back if I get stuck somewhere.

  2. 3

    It's easy to "implement wildcard certs" but the implementation will depend on the technology you are using. Can you tell us your tech stack, and we can suggest to you the way to solve it using that? It might be easiest to take that approach.

    In general, when you want to have HTTPS (which uses TLS encryption) you need to sign your traffic with a cert. If you also want to have TLS encryption for all your subdomains, make sure the cert you are using includes *.domain.com as a subject alternative name in the cert you request.

    1. 1

      I'm using PHP, jQuery, MySQL and Redis. Currently I'm on a local server for testing purposes. Most of the time I use DigitalOcean to host my projects, but I don't mind changing if I get an easy way to do things.

      1. 1

        Hmm, okay, maybe I should have been more specific. How are you creating the current TLS cert you are using today?

          1. 1

            Under "List the hostnames" you can see that they added the wildcard cert *.example.com, you can do the same for your domain *.mydomain.com:

            https://blog.cloudflare.com/cloudflare-ca-encryption-origin/

            https://blog.cloudflare.com/content/images/2016/05/create-step1.png
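A wildcard entry such as `*.example.com` covers exactly one extra label, so it matters that every generated subdomain is a single DNS label. The sketch below is an added example, not code from any commenter: it checks hostnames against a certificate's SAN list and validates the subdomain a user picks at signup. The function names and `example.com` hostnames are placeholders.

```python
import re

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def valid_tenant_label(label: str) -> bool:
    """True if a user-chosen subdomain is a single label (so *.base covers it)."""
    return _LABEL.fullmatch(label.lower()) is not None


def san_covers(san: str, hostname: str) -> bool:
    """Match one SAN entry against a hostname the way TLS clients do.

    A wildcard is only honoured as the whole left-most label and stands
    for exactly one label: it never matches the apex or deeper names.
    """
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname
    suffix = san[1:]                      # "*.example.com" -> ".example.com"
    if not hostname.endswith(suffix):
        return False
    left = hostname[: -len(suffix)]       # the part the "*" has to absorb
    return bool(left) and "." not in left


def cert_covers(sans, hostname: str) -> bool:
    """True if any SAN entry on the certificate matches the hostname."""
    return any(san_covers(s, hostname) for s in sans)


def uncovered(sans, hostnames):
    """Hostnames that would produce a certificate name mismatch."""
    return [h for h in hostnames if not cert_covers(sans, h)]


if __name__ == "__main__":
    sans = ["*.example.com"]              # constructed sample SAN list
    hosts = ["school1.example.com", "example.com", "a.school1.example.com"]
    print(uncovered(sans, hosts))
```

Requesting the certificate with both `example.com` and `*.example.com` as SANs closes the apex gap; names with two or more extra labels need their own certificate or a deeper wildcard.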

  3. 2

    Take a look at Caddy server. You can use Caddy as a proxy to handle ssl certs for multiple domains.

    1. 1

      This is a good answer if the subdomains aren't always on the same domain. I've recently set up Caddy as a reverse proxy for dynamically generated sub and root domains (we have about ~950 unique domains). Apart from a few teething issues (due to me!), I haven't had any issues.

      Also, Caddy's ability to provision SSL certs on demand has been really useful for domains where our clients have needed to update their A records. This has ensured minimal downtime.
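With on-demand issuance, Caddy can be pointed at an `ask` endpoint that decides whether a hostname may get a certificate, so that only names belonging to real tenants trigger issuance. The following is an added example, not the commenter's setup: a small allow-list service, with the matching Caddyfile shown in comments. The ports, base domain and tenant data are assumptions.

```python
# Caddyfile that would call this service (ports are assumptions):
#
#   {
#       on_demand_tls {
#           ask http://127.0.0.1:5555/check
#       }
#   }
#   https:// {
#       tls {
#           on_demand
#       }
#       reverse_proxy 127.0.0.1:9000
#   }
#
# Caddy sends GET /check?domain=<hostname>; a 200 response permits issuance.
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

BASE_DOMAIN = "example.com"                  # placeholder base domain
TENANTS = {"school1", "school2"}             # constructed; really a DB/Redis lookup
CUSTOM_DOMAINS = {"feedback.school-two.test"}  # constructed customer-owned names


def ask_status(request_path: str) -> int:
    """HTTP status to return for one ask request."""
    values = parse_qs(urlparse(request_path).query).get("domain", [])
    if len(values) != 1:
        return 400                           # missing or repeated parameter
    host = values[0].lower().rstrip(".")
    if host in CUSTOM_DOMAINS:
        return 200
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return 403                           # not ours: refuse issuance
    label = host[: -len(suffix)]
    # Only exact, known single-label tenants; "a.school1" is refused.
    return 200 if label in TENANTS else 403


class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(ask_status(self.path))
        self.end_headers()


if __name__ == "__main__":
    # Bind to loopback only: the endpoint is for Caddy, not the internet.
    HTTPServer(("127.0.0.1", 5555), AskHandler).serve_forever()
```

Without such a check, any hostname that resolves to the server can cause a certificate request, which burns through the CA's rate limits.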

  4. 1

    As you mentioned in the comment that you are using DigitalOcean, you can use a Let's Encrypt wildcard certificate, which works with DNS.
    You need to move your domain's DNS to DO.

    I am using it for one of my domains and it works like a charm.

  5. 1

    Hi Alex, you can create one wildcard certificate with your existing domain by leveraging Let's Encrypt.

    This article should help you to get it done: https://medium.com/@saurabh6790/generate-wildcard-ssl-certificate-using-lets-encrypt-certbot-273e432794d7

  6. 1

    As mentioned, you can use a wildcard cert. The other way would be with something like Let's Encrypt that can automatically install a cert.

    1. 1

      Hey, I just looked for it. So basically, if we use Let's Encrypt automatic installation, then it's going to charge for every new certificate? Which one would be easy to implement and doesn't have too much complexity?

      1. 1

        Let's Encrypt doesn't charge.

        1. 1

          Oh, I didn't know that. I thought it was the same as Cloudflare SSL.


  7. 1

    You can use a wildcard certificate (https://en.wikipedia.org/wiki/Wildcard_certificate) instead of creating a new certificate automatically for each subdomain.

    It's hard to advise you with actual steps on how to do this without understanding your tech stack and architecture, but I think if you search around with "wildcard ssl certificate", you should be able to find a solution!

    1. 1

      I'm using PHP, jQuery, MySQL and Redis. Currently I'm on a local server but planning to host on DigitalOcean.

    2. 1

      Thanks, I'm looking into it. I didn't know the proper term for it. According to you, what could a system like Typeform be using? A wildcard certificate?

      1. 1

        My guess would be, yeah they're using a wildcard certificate. Personally I run a blogging platform (https://chapter24.app) and I'm using a single wildcard certificate issued by Amazon to secure every blog.

        1. 1

          Thanks, I will try to set up and check a wildcard certificate. Your homepage looks very nice.

          1. 1

            Thanks! :)

            As another comment above said, Let's Encrypt is likely your best option for SSL if you're using DigitalOcean. I'm a Rails developer so can't give you any pointers for how to set it up on a PHP project, but I'm sure you'll find some help on Google.
