How do I add 400 domain Alias + SSL to them?

q1LLa

New Member
#1
Hi.

I have a WP website installed in CyberPanel (free LiteSpeed).

The domain is located on NS hosting servers (on servers), and records are created there:

A - @ - IP SERVER
A - www - IP SERVER
A - * - IP SERVER

I tried to change the option in the Website Manager and edit vHost to:

vh Domain $VH_NAME
aliases *.$VH_NAME


But when clicking on a link like test.domain.com, I get a 404.

Tell me, what am I doing wrong? And then how do I get an SSL certificate for all subdomains at once?
 
#3
You might need to edit the listener as well.
For wildcard, you might want to check this post from the CyberPanel forum: https://community.cyberpanel.net/t/how-to-set-up-wildcard-ssl-on-cyberpanel-openlitespeed/30652
I just remembered I have a similarish question. Does SSL need to be defined on the listener for SSL to work? Or can it be left as not set, add the domains to the map, and let each vhost use its SSL configuration? I'm still trying to get used to the concept of the listener separated from the web server and vhost. I don't use CyberPanel, just lsadm. In my case, I don't need multiple listeners, because I've been using Nginx Proxy Manager, which handles the front-end handshake, and I can use a single cert to encrypt to NPM (WordPress doesn't care if you're behind a reverse proxy, and some things simply won't work if the vhost itself isn't secured). But I want to get away from that because it's extra load time and lack of h3/quic support. Adding the support myself would require a lot of work to integrate with the menus. All my domains are set up through Cloudflare, and using ACLs to only accept Cloudflare IPs, I can still get away with using a single origin cert for all.

I'm still curious though about what MUST be configured on the listener besides the port and vhost mapping.
 

Cold-Egg

Administrator
#4
So, even if you have SSL set up in the virtual host, you do not want to leave the port 443 listener’s SSL empty or point to a non-existent cert; any valid or self-signed cert would work.
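
The rule in #4 can be checked mechanically. The script below is an added example, not part of any post in this thread: it parses listener blocks in OpenLiteSpeed `httpd_config.conf` syntax and reports every `secure 1` listener whose `keyFile` or `certFile` is unset or points to a file that does not exist. The function names, listener names, domains and file paths are constructed for illustration.

```python
import os
import re

# Constructed sample in OpenLiteSpeed httpd_config.conf syntax (not from the thread).
SAMPLE_CONF = """
listener Default {
  address   *:80
  secure    0
  map       example.com example.com, *.example.com
}
listener SSL {
  address   *:443
  secure    1
  map       example.com example.com, *.example.com
}
listener SSL8443 {
  address   *:8443
  secure    1
  keyFile   /etc/ssl/private/fallback.key
  certFile  /etc/ssl/certs/missing.crt
  map       example.com example.com
}
"""

BLOCK_RE = re.compile(r"^listener\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
def parse_listeners(conf_text):
    """Return {listener_name: {directive: value}}; a repeated directive keeps its last value."""
    listeners = {}
    for name, body in BLOCK_RE.findall(conf_text):
        pairs = (line.split(None, 1) for line in body.splitlines())
        listeners[name] = {p[0]: p[1].strip() for p in pairs if len(p) == 2}
    return listeners

def audit_secure_listeners(conf_text, exists=os.path.exists):
    """Return (listener, problem) pairs for secure listeners without a usable key/cert."""
    findings = []
    for name, cfg in parse_listeners(conf_text).items():
        if cfg.get("secure") != "1":
            continue  # plain HTTP listener, no certificate needed
        for key in ("keyFile", "certFile"):
            path = cfg.get(key)
            if not path:
                findings.append((name, f"{key} not set"))
            elif not exists(path):
                findings.append((name, f"{key} points to missing file {path}"))
    return findings
if __name__ == "__main__":
    for name, problem in audit_secure_listeners(SAMPLE_CONF):
        print(f"listener {name}: {problem}")
```

To use it on a real server, pass the text of that server's `httpd_config.conf` instead of `SAMPLE_CONF`; the default `exists` check then tests the paths on the local filesystem.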
 
#5
So, even if you have SSL set up in the virtual host, you do not want to leave the port 443 listener’s SSL empty or point to a non-existent cert; any valid or self-signed cert would work.
Gotcha. That makes sense. That would be the default/catchall host then, like the one typically defined when there's no matching vhost?
 