Alias subserver with SSL, for static cookieless domain - Workflow

3 posts / 0 new
Last post
#1 Mon, 08/26/2019 - 17:10
Rory Bremner

Alias subserver with SSL, for static cookieless domain - Workflow

The goal here is to implement a static asset domain so that CMS can do cookieless transfers.
What is the best way to create an alias-subserver ( that can serve all files in and can have its own SSL certificate?

My Solution:

  • Assume that you have as your default website for the single IP address of your VPS.
  • Assume that you have as the parent server for the alias you want.
  • Create an alias subserver for called
  • Important: You MUST put a checkmark for DNS domain enabled? (just good practice as suggested)
    Important: You MUST put a checkmark for Apache website enabled?
    (I am sure that last month I did not have to do this. Today if I do not check this, the alias is taking me to This makes me wonder, what is the purpose of having the option unchecked? Can anyone tell me?)
  • You cannot request for SSL in, you have to do this from
  • The options presented there are now as follows (just click request certificate): (this url is now accessible) (this url is now accessible) (this url is now accessible)

NOTE: If the VS already exists and you have already an SSL installed, by creating the static alias (point #3) , Virtualmin will do step 4 automatically for you! Thanks VA!

My questions:
1. What is the purpose of having the option "Apache website enabled?" unchecked? Is this a useless option?
This creates an NON-ALIAS for the but instead is an alias for and uses the SLL from
This creates problems when requesting SSL, failing with '404 Not Found DNS-based validation failed', because it cannot create '.well-known' in
Since it is using the SSL, it also is useless as a static domain for causing problems in the browser 'Failed to load resource: net::ERR_CERT_COMMON_NAME_INVALID'
2. As already mentioned, I am pretty sure that last month I left "Apache website enabled?" unchecked, and enabled only 'DNS domain enabled?'.
This created the alias to OK, and all I had to do was request a certificate by manually adding '' to the list (after autodiscover).
I still have the VPS to prove it. Was it just a fluke?

Tue, 08/27/2019 - 10:31


The "Apache website" features specifies whether there is an entry in the Apache config for the domain in question.

If that option is disabled, that website shouldn't be accessible via a web browser -- you'd instead only see the default website when browsing to that domain.

It should be no problem to request an SSL cert for an alias with that feature enabled, that's how most folks gets certs for things like a main domain, and then an alias domain.

If that's not working, that means something is awry, and would just require some troubleshooting to figure out what.


Tue, 08/27/2019 - 11:44
Rory Bremner

Still, I want to know the usage of an SSL certificate on, which redirects to
I want to understand this.

From my testing:

When "Apache website enabled?" is unchecked, SSL request failed on 2/5 domains with 404.
(I think creating an index.html at the root of and accessing it wakes up Apache so it will allow access to .well-known)
Anyway, all static domains were redirecting to (even the ones which got an SSL), so I had to give that method up.

PS. To All - It is difficult to troubleshoot this issue - you have to have a few domains to play with, so don't bother. Just keep in mind.