Chrome cannot recognize wildcard certificate

ArvyRogerio · October 18, 2018, 2:58pm

Hello,

I’ve requested a wildcard certificate for my domain inweb.net.br. Everything is ok. I did the Apache configuration, ok too. But when I open an URL, it return that certificate is not valid…

From Chrome (F12->Security->View certificate)
DNS name=*.inweb.net.br
DNS name=inweb.net.br

When I open https://something.othername.inweb.net.br Chrome says that the certificate is invalid, that it is for inweb.net.br.

(net::ERR_CERT_COMMON_NAME_INVALID).

Note: for https://inweb.net.br and https://www.inweb.net.br works, but it’s a different IP, but same Apache config.

Any ideias?

cpu · October 18, 2018, 3:02pm

Hi @ArvyRogerio,

Wildcard certificates are only valid for one level of subdomains. E.g. a certificate for [ example.com, *.example.com ] is only valid for example.com, foo.example.com, bar.example.com, etc. It won't be valid for foo.bar.example.com.

For that you would need two wildcards, e.g. a certificate for [ example.com, *.example.com, bar.example.com, *.bar.example.com ]

This is a limitation true for all wildcard certificates, not just those issued by Let's Encrypt.

For your specific case you would need to add a wildcard for *.othername.inweb.net.br to your certificate to cover something.othername.inweb.net.br.

I hope that helps!

ArvyRogerio · October 18, 2018, 4:17pm

Aww!

Didn’t know… sorry.

cpu · October 18, 2018, 4:20pm

No need to apologize! You're certainly not the first person to stumble across this and it definitely isn't intuitive!

ArvyRogerio · October 18, 2018, 4:24pm

Thanks!

Anyway, your tip fixed my problem. I just regenerated the certificate as you mentioned:

certbot (…) -d inweb.net.br -d *.inweb.net.br -d *.arvy.inweb.net.br

And now it’s working! Thanks!

system · November 17, 2018, 4:32pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.