LetsEncrypt ssl on email tracking domain


(Umashankar) #1

Hi Team,

Some of the providers like elasticemail.com rewriting email content links.
Example. elasticemail requires tracking CNAME to be configured while verifying/adding sending domain also don’t allow verifying sub domains

actual link
https://discourse.domain.com/u/activate-account/9c9f071732482a63ef28591e4ef5017d

Rewriting email link for account activation email look like below

http://tracking.domain.com/tracking/click?d=yExJPVlLMbyKmyDMop0JMq3ZHFfxA0TPZhe0Dy6Osv7iSNeDEk_1YGRZuQPwP1YTRIWALOBW-3a-mSMo0qq7qDC_W6tBz4gqSpvAUgaJZR4nqhe6fjoRW4vNnZB_u1GnzhYWK1xV-KBHPacw2mGlxR6-6Sza2dieOrdQeyRq35xkMSY9L2ND6D_2riBkYCGD9A2

as discourse install didn’t install cert on tracking.domain.com leaving an insecure message on browser when we set force ssl setting.

As Discourse LetsEncrypt module will install certs on configured domain, Is there any way that installing certs on tracking domain

This is not a multisite.

Also LetsEncrypt is going to issue wildcard ssl in a week.(ETA: February 27, 2018 from LetsEncrypt forums) incorporating that to letsencrypt module is good choice to avoid these instances

Thank you.


(Jeff Atwood) #2

Sorry, how does this relate to Discourse in any way? I am not seeing anything relevant to Discourse here.


(Umashankar) #3

Hi @codinghorror

Thank you for the reply.

There is nothing wrong with discourse. This is because of third party email service provider tracking smtp emails. but, is there any way in app.yml or ssl template for installing LetsEncrypt ssls on other sub domains? Please let me know.
I have seen some setup for multi-site with after ssl hooks. not sure if this works with single install.


(Matt Palmer) #4

What? Of course not. You don’t run the tracking domain, therefore you can’t install certs on it. Tell your e-mail provider to get off their chunk and setup HTTPS.


(Umashankar) #5

Hi @mpalmer

Thank you for the reply.

Yes. I have worked out with elasticemail, just got a reply. they disabled tracking. this is the default setting with them when subscribed.