Certbot: Requesting support installing wildcard certs on Apache/Ubuntu

Hello everyone and a special hello to Let's Encrypt Community's regulars.

I am trying to create a wildcard certification for domains ending with: "*.foo.bar" with no success, as follows:

My domain is:
*.foo.bar

I ran this command:
$ sudo certbot --apache -d '*.foo.bar'

It produced this output:
...
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

The operating system my web server runs on is (include version):
Ubuntu 18.04.5 LTS

My web server is:
Apache/2.4.29 (Ubuntu)

My hosting provider, if applicable, is:
COSMOTE (if using those DNS servers: 172.30.47.4 and 172.30.47.5)

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.8.0 (installed via snap)

1 Like

Welcome to the Let's Encrypt Community, Sophoklis 🙂

The apache authentication method cannot update your DNS records to add the necessary _acme-challenge.foo.bar TXT record.

If you know your DNS provider, you might be able to use a plugin specific to your DNS provider. Other options are also possible, such as acme-dns. For now though, I'll present to you the manual way to go about it that requires adding the TXT record yourself:

sudo certbot run -a manual -d "*.foo.bar" -i apache

You may want to consider appending -d "foo.bar" to the end of the command if you want to also certify the apex domain name (foo.bar). This will result in needing to create two TXT records in your DNS (with both being _acme-challenge.foo.bar, but with different values).

2 Likes
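Why the wildcard and the apex name end up as two TXT values under the same record name, shown as an added example that is not part of the original posts and is not Certbot's own code. It follows the dns-01 rules of RFC 8555 section 8.4; the tokens, the account-key thumbprint and the helper names are constructed for illustration.

```python
from __future__ import annotations

import base64
import hashlib


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses for digests."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def dns01_record(identifier: str, token: str, thumbprint: str) -> tuple[str, str]:
    """Return (record name, TXT value) for one dns-01 challenge."""
    # A wildcard is validated on its base domain, so "*.foo.bar" and
    # "foo.bar" both map to _acme-challenge.foo.bar.
    base = identifier[2:] if identifier.startswith("*.") else identifier
    key_authorization = f"{token}.{thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return f"_acme-challenge.{base}", b64url(digest)


def plan_records(tokens: dict[str, str], thumbprint: str) -> dict[str, set[str]]:
    """Group TXT values by record name so they are published together."""
    plan: dict[str, set[str]] = {}
    for identifier, token in tokens.items():
        name, value = dns01_record(identifier, token, thumbprint)
        plan.setdefault(name, set()).add(value)
    return plan


def missing_values(plan: dict[str, set[str]], observed: dict[str, set[str]]) -> dict[str, set[str]]:
    """Values the CA will look for that the zone does not serve yet."""
    gaps = {name: want - observed.get(name, set()) for name, want in plan.items()}
    return {name: values for name, values in gaps.items() if values}


# Constructed sample data: real tokens come from the CA, and the real
# thumbprint is derived from the ACME account key (RFC 7638).
THUMBPRINT = b64url(hashlib.sha256(b"constructed-account-key").digest())
TOKENS = {"*.foo.bar": "constructed-token-wildcard", "foo.bar": "constructed-token-apex"}
PLAN = plan_records(TOKENS, THUMBPRINT)

if __name__ == "__main__":
    for name, values in PLAN.items():
        for value in sorted(values):
            print(f'{name}. IN TXT "{value}"')
    # Simulated mistake: the second value replaced the first in the zone.
    apex = dns01_record("foo.bar", TOKENS["foo.bar"], THUMBPRINT)
    print("still missing:", missing_values(PLAN, {apex[0]: {apex[1]}}))
```

Both values must be served at the same time; if the second TXT record overwrites the first, the authorization whose value was dropped fails validation.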

Hi @olspookishmagus

Please read the FAQ:

If you want to create a wildcard certificate, DNS validation is required. So you can't use --apache, which supports only HTTP validation.

1 Like