Chrome cannot recognize wildcard certificate


#1

Hello,

I’ve requested a wildcard certificate for my domain inweb.net.br. Everything is ok. I did the Apache configuration, ok too. But when I open a URL, it returns that the certificate is not valid…

From Chrome (F12->Security->View certificate)
DNS name=*.inweb.net.br
DNS name=inweb.net.br

When I open https://something.othername.inweb.net.br Chrome says that the certificate is invalid, that it is for inweb.net.br.

(net::ERR_CERT_COMMON_NAME_INVALID).

Note: https://inweb.net.br and https://www.inweb.net.br work, but it’s a different IP, with the same Apache config.

Any ideas? :frowning:


#2

Hi @ArvyRogerio,

Wildcard certificates are only valid for one level of subdomains. E.g. a certificate for [ example.com, *.example.com ] is only valid for example.com, foo.example.com, bar.example.com, etc. It won’t be valid for foo.bar.example.com.

For that you would need two wildcards, e.g. a certificate for [ example.com, *.example.com, bar.example.com, *.bar.example.com ]

This is a limitation true for all wildcard certificates, not just those issued by Let’s Encrypt.

For your specific case you would need to add a wildcard for *.othername.inweb.net.br to your certificate to cover something.othername.inweb.net.br.

I hope that helps!
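
The one-label rule from the reply above, as an added example that is not part of the original thread: it checks hostnames against a certificate's DNS names and works out which names to request. The function names are hypothetical, and it assumes the wildcard is a whole left-most label (`*.`), the form used in this thread.

```python
def san_matches(pattern: str, host: str) -> bool:
    """True if one certificate DNS name covers host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so both names must have the same label count.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # '*' stands in for exactly one left-most label; the rest must be identical.
        return p[1:] == h[1:]
    return p == h


def cert_covers(san_list, host):
    """True if any DNS name in the certificate covers host."""
    return any(san_matches(p, host) for p in san_list)


def plan_sans(apex, hosts):
    """DNS names to request so that every host under apex is covered."""
    sans = [apex, "*." + apex]
    for host in hosts:
        if not host.lower().endswith("." + apex) and host.lower() != apex:
            raise ValueError(f"{host} is not under {apex}")
        if not cert_covers(sans, host):
            # Replace the host's left-most label with '*' to cover its siblings too.
            sans.append("*." + host.split(".", 1)[1])
    return sans


# Names taken from the thread: the certificate as first issued, and the sites served.
ORIGINAL_SANS = ["*.inweb.net.br", "inweb.net.br"]
HOSTS = ["inweb.net.br", "www.inweb.net.br", "something.othername.inweb.net.br"]

if __name__ == "__main__":
    for host in HOSTS:
        verdict = "covered" if cert_covers(ORIGINAL_SANS, host) else "NOT covered"
        print(f"{host}: {verdict}")
    print("request:", " ".join("-d '" + n + "'" for n in plan_sans("inweb.net.br", HOSTS)))
```
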


#3

Aww! :disappointed_relieved:

Didn’t know… sorry. :disappointed:


#4

No need to apologize! You’re certainly not the first person to stumble across this and it definitely isn’t intuitive! :slight_smile:


#5

Thanks! :slight_smile:

Anyway, your tip fixed my problem. I just regenerated the certificate as you mentioned:

certbot (…) -d inweb.net.br -d *.inweb.net.br -d *.arvy.inweb.net.br

And now it’s working! Thanks! :clap:

