Which is better?
domain.kek/something or something.domain.kek?
I always found domain.kek/something to be better.
>>51684883
For HTTPS you need one for the first and two for the second.
>>51684935
I'm likely to kill anyone proposing wildcard certificates. USE SNI, OR GTFO.
>>51684935
Only when anon hosts multiple sub.domain.tld you'd need more certs of course.
>>51684935
Thanks to the thing you just posted, however, you can have as many as you want for free.
Pity it only supports old-tier RSA at the moment. If I can, I want to use secp256r1, or even better, Ed25519 when that's finally gone through the CFRG sausage-machine and gets NamedCurves and RFCs for usage in PKIX and TLS (soon, early-mid 2016 it looks like).
subdomains is cleaner imo. "jenkins.example.com", "git.example.com".
>>51685486
>you can have as many as you want for free
You're not suggesting StartCom's StartSSL I hope? You're not making much sense after this point. If you're suggesting an RFC that enables you to be in charge of your own CA / PKIX you might want to take a look at DANE https://tools.ietf.org/html/rfc6698
>>51684883
All cookies for domain.kek will be available to domain.kek/something.
Cookies for domain.kek and something.domain.kek will be available to something.domain.kek but something.domain.kek cookies won't be sent to domain.kek.
>>51684883
Use subdomains if you want to keep the possibility to move "something" to a different server. Otherwise you need to make an additional redirect.
>>51686103
>redirect
Only when supporting legacy.
>>51684883
I find something.kek.com a cleaner solution than subdirs. Subdirs allow for conflicts and create a mess in your files. Virtual hosts in folders keep everything separated yet together should you need it (like shared php partials).
Also, letsencrypt certs can have as many domains as you want in them. I have 1 cert configured on my server that hosts 4 subdomains on 4 virtual hosts and the cert recognizes all 4 of them individually.