Discussion about ssl generator.

[Mayank657]

@BastelPichi How do you convert the txt value to cname destination like in ssl.pichisdns.com

 

Edited January 31 by Mayank657

[SpookyKipper]

It's so easy, just add a txt record to the pichisdns.com domain and every domain that cname to it will have the dame txt records

[Mayank657]

12 hours ago, SpookyKipper said:

It's so easy, just add a txt record to the pichisdns.com domain and every domain that cname to it will have the dame txt records

Bro I am making an ssl Generator to issue certs like let's Encrypt. But after verification it gives me a txt value and in my knowledge txt records doesn't work in free I was asking @BastelPichi that he had also make an ssl Generator and it give cname record I was asking how can I do that.

[Mayank657]

12 hours ago, SpookyKipper said:

It's so easy, just add a txt record to the pichisdns.com domain and every domain that cname to it will have the dame txt records

In simpler words I want to make my own.

[SpookyKipper]

1 hour ago, Mayank657 said:

I was asking how can I do that.

I answered you already? Add that TXT record to a subdomain, and if you CNAME to that subdomain, the TXT record gets added as well

[BastelPichi]

7 hours ago, Mayank657 said:

Bro I am making an ssl Generator to issue certs like let's Encrypt. But after verification it gives me a txt value and in my knowledge txt records doesn't work in free I was asking @BastelPichi that he had also make an ssl Generator and it give cname record I was asking how can I do that.

Spooky Kipper already answered you.

You can read more about it here: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge

[Mayank657]

8 hours ago, SpookyKipper said:

I answered you already? Add that TXT record to a subdomain, and if you CNAME to that subdomain, the TXT record gets added as well

I am asking this how can I make this https://txt2cname.pichisdns.com/ for my ssl Generator 

[Mayank657]

If I am saying wrong.

So, didn't understand what are saying please explain it more briefly.

[SpookyKipper]

19 minutes ago, Mayank657 said:

If I am saying wrong.

So, didn't understand what are saying please explain it more briefly.

Ok, so

 

1. You sent a request to Let's Encrypt for certification

2. Let's Encrypt gives you a txt record to add

3. You add the record to a dummy domain (e.g. XXX.acmeverify.example.com)

4. Your users CNAME to XXX.acmeverify.example.com

5. The TXT will get added to user's domain automatically (because they CNAME'd)

6. Validation passed & certificate issued

Edited October 22, 2023 by SpookyKipper

[Mayank657]

3 hours ago, SpookyKipper said:

Ok, so

 

1. You sent a request to Let's Encrypt for certification

2. Let's Encrypt gives you a txt record to add

3. You add the record to a dummy domain (e.g. XXX.acmeverify.example.com)

4. Your users CNAME to XXX.acmeverify.example.com

5. The TXT will get added to user's domain automatically (because they CNAME'd)

6. Validation passed & certificate issued

So, you are saying that if the txt is example so the cname will be example.acmeverify.example.com

If it not like this can you please explain me more briefly. It will be very helpful 

[SpookyKipper]

10 minutes ago, Mayank657 said:

If it not like this can you please explain me more briefly

You know how to add a txt record I suppose?

 

Let's say the TXT is "abc123", it can be put to "abc123.example.com",  "xyz789.example.org", basically any domain.

 

It is fully your choice where to put it, and just tell your user to cname to that domain where you have added the txt record on

Edited October 22, 2023 by SpookyKipper

[Mayank657]

2 hours ago, SpookyKipper said:

You know how to add a txt record I suppose?

 

Let's say the TXT is "abc123", it can be put to "abc123.example.com",  "xyz789.example.org", basically any domain.

 

It is fully your choice where to put it, and just tell your user to cname to that domain where you have added the txt record on

Ok ok

[Mayank657]

How can I get wildcard ssl with only one cname record 

[Anyx]

11 minutes ago, Mayank657 said:

How can I get wildcard ssl with only one cname record 

Why do you want a wildcard SSL? They're not supported by vPanel anyway...

[Mayank657]

41 minutes ago, Anyx said:

Why do you want a wildcard SSL? They're not supported by vPanel anyway...

I want it because infinityfree has it

[Anyx]

14 minutes ago, Mayank657 said:

I want it because infinityfree has it

They do? I tried ordering a *.domain.com certificate and the tool didn't accept it.

[Mayank657]

1 hour ago, Anyx said:

They do? I tried ordering a *.domain.com certificate and the tool didn't accept it.

Yes they do the tool will automatically generate a wildcard ssl if look in subject alternative name there will be domain.com and *.domain.com you can also see the byet.net ssl they also have a wildcard ssl

[SpookyKipper]

21 hours ago, Anyx said:

They do? I tried ordering a *.domain.com certificate and the tool didn't accept it.

Spookhost use wildcards on Google Trust and Let's Encrypt too. (You enter the non-wildcard domain and the wildcard variant will be automatically added)

 

The subject(not alternative names) of the certificate is the non-wildcard one, so vPanel accepts it.

 

It is done because if you add both the root and www variant of the domain, two cname records need to be added (@ and www). However, with wildcard records, only 1 cname record is needed (where the cname contains two txt records)

 

This is not required with GoGetSSL because they automatically adds the www subdomain 

Edited October 24, 2023 by SpookyKipper

[Anyx]

2 hours ago, SpookyKipper said:

Spookhost use wildcards on Google Trust and Let's Encrypt too. (You enter the non-wildcard domain and the wildcard variant will be automatically added)

 

The subject(not alternative names) of the certificate is the non-wildcard one, so vPanel accepts it.

 

It is done because if you add both the root and www variant of the domain, two cname records need to be added (@ and www). However, with wildcard records, only 1 cname record is needed (where the cname contains two txt records)

 

This is not required with GoGetSSL because they automatically adds the www subdomain 

I never actually realized this, InfinityFree's tool said "the www subdomain is automatically included" and I never checked the actual certificate to see that they issue a wildcard. Nice, and I can understand why it isn't mentioned (people would be confused thinking they can actually use it as a wildcard which vPanel doesn't allow).

Well, it seems that you also got your answer @Mayank657:

2 hours ago, SpookyKipper said:

with wildcard records, only 1 cname record is needed (where the cname contains two txt records)

[Mayank657]

I don't think so that a cname record can contain two txt values.

If it is possible, how to do it @SpookyKipper

[TinkerMan]

Why wouldn’t it be able to? Just assign two TXT records to the domain the CNAME record is pointing to. 

[Mayank657]

23 hours ago, TinkerMan said:

Why wouldn’t it be able to? Just assign two TXT records to the domain the CNAME record is pointing to. 

Can you please explain me more briefly?

[Anyx]

1 hour ago, Mayank657 said:

Can you please explain me more briefly?

What's the issue with adding two TXT records to a subdomain you then use as a CNAME record for the one you want to get an SSL for?

[SpookyKipper]

https://lmgtfy.spooky.hk/?q=how+to+add+two+txt+records+to+a+domain

Please, do your own research, you will get your answer much faster

 

To explain it more briefly:

Step 1: add a txt record

Step 2: repeat Step 1

Edited October 26, 2023 by SpookyKipper

[Mayank657]

16 hours ago, Anyx said:

What's the issue with adding two TXT records to a subdomain you then use as a CNAME record for the one you want to get an SSL for?

The issue is with code i am having trouble to find code to add two txt records in cname