hostname with no sub-domain?

I am ultimately trying to setup an SSL certificate.

My domain name is like example.com not something.example.com

How should I configure my hostname without a sub-domain? The main reason is that I need to give domain names and aliases to register to certbot and to httpd.

Quote:

Originally Posted by queshaw I am ultimately trying to setup an SSL certificate. My domain name is like example.com not something.example.com How should I configure my hostname without a sub-domain? The main reason is that I need to give domain names and aliases to register to certbot and to httpd.

You can create certificate(s) for just example.com, or something.example.com or even *.example.com, with letsencrypt
Take a look at this howto for example

Regards

With certbot you can repeat the -d parameter to have a multi-name cert, providing your host is reachable on the other names.

For example on my web servers I generally use:

Code:

/bin/certbot --rsa-key-size 4096 -n certonly --webroot -w ${FOLDER} -d ${DOMAIN} -d www.${DOMAIN}

I know that I can specify domain names with the -d option, But, it complains if those are not resolved domain names or aliases served by my web server, I think.

The domain names and aliases are derived from hostname.

So, how do I configure a hostname, if it is not a sub-domain?

For example:

hostname blah

Results in a FQDN blah.example.com

hostname example

Results in example.example.com

Quote:

Originally Posted by queshaw I know that I can specify domain names with the -d option, But, it complains if those are not resolved domain names or aliases served by my web server, I think. The domain names and aliases are derived from hostname. So, how do I configure a hostname, if it is not a sub-domain? For example: hostname blah Results in a FQDN blah.example.com hostname example Results in example.example.com

Check the "domain" and/or "search" option of /etc/resolv.conf

I'm not following how those allow me to have a host name without a sub-domain. Could you elaborate?

Quote:

Originally Posted by queshaw I'm not following how those allow me to have a host name without a sub-domain. Could you elaborate?

Did you read the resolv.conf manpage at the link in my previous post?
If you use the search/domain directive in resolv.conf (e.g. search example.com), when you do a lookup for "blah" the resolver will actually resolve blah.example.com

If you don't use dns, you can achieve the same result with the hosts file (/etc/hosts)

Quote:

Originally Posted by bathory Did you read the resolv.conf manpage at the link in my previous post? If you use the search/domain directive in resolv.conf (e.g. search example.com), when you do a lookup for "blah" the resolver will actually resolve blah.example.com If you don't use dns, you can achieve the same result with the hosts file (/etc/hosts)

Right. That is what I am trying to avoid. My domain name is like example.com not blah.example.com. The hostname is used in various configuration files. If I set the hostname to "example" it resolves to example.example.com, which is also wrong.

How do people configure DNS and httpd and let's encrypt when their FQDN does not include a sub-domain?

Neither Certbot nor Apache cares what your server's actual hostname is.

First step is DNS - setup an A record for "@" on the nameservers example.com uses, pointing at the IP address of your server (or firewall/loadbalancer/etc).

Next step is to configure Apache Httpd with your example.com as a VirtualHost (using appropriate SeverName and ServerAlias values). (Until DNS resolves, you can setup your local /etc/hosts to mimic the A record and test Apache is working, or even do it before changing the DNS.)

Once the DNS has resolved (anywhere from minutes to 48 hours), and assuming appropriate permissions/etc, Certbot will be able to issue your certificate.
If there are issues, Certbot will error but you can simply resolve the issues then re-run it.

Quote:

Originally Posted by boughtonp Neither Certbot nor Apache cares what your server's actual hostname is.

This is the definitive answer. OP, you don't need to do anything about your hostname.
Set up DNS as boughtonp has suggested. Set up apache to respond to the names you want. The SSL cert will contain the name as you've defined it in DNS and apache. hostname doesn't enter into it anywhere...it could be localhost or myserver instead of example.com and wouldn't matter.

On my production server, I've set the hostname to example.com, but all the virtual domains I host resolve and display just fine, even tho, except for one of them, the hostname is not the same as the domain name.

Thank you! Apparently, I was confused by hostname appearing in various configuration files and a left over let's encrypt configuration file that failed to renew because the machine used to have a sub-domain name.