Best way to add SSL for 100+ domains for URL forwarding

muratai

Hi,

We have 100+ domains which use URL forwarding at directnic. All was working fine until recently. However, mobile users get this connection is not private error at the moment. This is because directnic has port 443 displaying a *.directnic.com ssl certificate which doesn't cover our domain(s)

What I'm thinking to do is:
Get 2 VPS, install nginx and letsencrypt. Host all domains on both vps servers, one for failover. Have one index.php script to process URL forwarding.

However, round robin A records for 2 vps setup is not neat. I don't even know if it'll work if first VPS is down and requests goes to the second VPS. Is there a better way to do this?

I don't mind paying some money if not too much to use some service or shared hosting with auto letsencrypt ssl etc if it'll make things easier for me.

sanvit

Enable CloudFlare with flexib!e or full (without the strict option) SSL, assuming that directnic still redirects the domain even when not using their DNS

muratai

@sanvit said:
Enable CloudFlare with flexib!e or full (without the strict option) SSL, assuming that directnic still redirects the domain even when not using their DNS

directnic won't forward url if dns is not hosted by them.
can you add 120 domains to cloudflare free account? or need pro for that?

virtua_cloud

muratai said: However, round robin A records for 2 vps setup is not neat. I don't even know if it'll work if first VPS is down and requests goes to the second VPS. Is there a better way to do this?

You'll need to remove the down IP address from the round robin.

For redundancy with two VPS, you'll need a Failover/Floating IP address. When the VPS using this IP goes down, the second one will start using it and get all the trafic.

Chimpanzee

Just put cloudflare with full SSL and buy a pro account, you wont regret it. Been using it for 3-4 years with no issues at all.

default

Round Robin is just a load balancer for you, not for for visitors. If an IP fails, the visitors getting it during failure will have to wait for timeouts. If you wish to use round robin, then you can setup custom nameservers, that disable an A record when that IP is down, and enables it when it's up.

As mentioned by others, using such mechanic from the past is too much brain work and too expensive for simplistic websites. Nowadays people use a lot of cache and content delivery networks, because we have too much computing power and free space for text and pictures in websites. Cloudflare is free, other option is BunnyCDN, they have even free SSL.

muratai

@default said:

Cloudflare is free, other option is BunnyCDN, they have even free SSL.

Thanks. I'll check them out.

geek2009

@muratai said:
Hi,

We have 100+ domains which use URL forwarding at directnic. All was working fine until recently. However, mobile users get this connection is not private error at the moment. This is because directnic has port 443 displaying a *.directnic.com ssl certificate which doesn't cover our domain(s)

What I'm thinking to do is:
Get 2 VPS, install nginx and letsencrypt. Host all domains on both vps servers, one for failover. Have one index.php script to process URL forwarding.

However, round robin A records for 2 vps setup is not neat. I don't even know if it'll work if first VPS is down and requests goes to the second VPS. Is there a better way to do this?

I don't mind paying some money if not too much to use some service or shared hosting with auto letsencrypt ssl etc if it'll make things easier for me.

you'd better go with vps or dedicated server with public ips.Shared hosting means shared ips.shared ips is not good for your ranking.

Thanks