Let's Encrypt for hostname and related domain(s) is working, SSL not working for other domains on DirectAdmin server

Solution 1:

UPDATE: Let's Encrypt has been issuing wildcard certificates since January 2018.

Does Let’s Encrypt issue wildcard certificates?

Yes. Wildcard issuance must be done via ACMEv2 using the DNS-01 challenge. See this post for more technical information.


Let's Encrypt doesn't offer wildcard certificates, but it offers multi-domain certificates.

What services does Let’s Encrypt offer?

Let’s Encrypt offers Domain Validation (DV) certificates. We do not offer Organization Validation (OV), Extended Validation (EV), or wildcard certificates, primarily because we cannot automate issuance for those types of certificates.

Can I get a certificate for multiple domain names (SAN certificates or UCC certificates)?

Yes, the same certificate can contain several different names using the Subject Alternative Name (SAN) mechanism.

With SAN you have one certificate that covers all your domains. As the TLS connection is established before the browser sends the Host: header, your HTTPD doesn't know which certificate to use for the handshake and matches the first one available that matches the IP address. Therefore, there was a long era when you actually needed one IP address for every single certificate. SAN was the only way to have several HTTPS sites on the same IP, and the certificate needed to be reissued whenever a new alias was added.

That was until Server Name Indication (SNI), an extension of TLS which allows the client to include the requested hostname in the first message of its SSL handshake. SNI has been there since OpenSSL 0.9.8f from Oct 2007. It has been supported by all major browsers for years. You can easily configure it on Apache; it has been supported by Nginx since 0.5.23 and was introduced in IIS 8.0.

As you already have multiple certificates rather than SAN, you should use SNI. Allowing SNI is possible on DirectAdmin. Unfortunately, Server Fault won't give support for web hosting control panels.