Clarification about wildcards and ip addresses

xifi-kif · February 6, 2019, 8:44am

Hi!
Usually I issue one cert for each subdomain.

I was thinking about issuing a wildcard for one of my domain, but I have one question:
say I have one main domain example.com with two subdomains one.example.com and two.example.com. Each subdomain is set on a unique server with unique ip address (say server one and two).

I go for the *.example.com wildcard, which is gonna be issued by server one, then I have to manually install certs also for server two, is that right?
And then, at renewal, do I have to do the same thing?
Otherwise the domain two would have an expired cert, is that correct?

If so, I should then automate the process to “copy” the renewed cert to server two each time it is updated.

_az · February 6, 2019, 8:49am

Yes, you seem to understand it perfectly.

Most ACME clients provide some way to perform an action (like copy) after a certificate is issued. With Certbot, it's --deploy-hook.

mnordhoff · February 6, 2019, 8:58am

You could also install an ACME client on each server and maintain two different wildcard certificates.

(Let’s Encrypt has a duplicate certificate rate limit of 5 per week.)

You could also use a non-wildcard certificate on one or both servers.

xifi-kif · February 6, 2019, 9:13am

thanks

@_az’s solution seems to be the easiest for my knowledge

system · March 8, 2019, 9:13am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Update wildcard certs on multiple server Help	5	2281	October 17, 2021
Renewing wildcard domain with subdomains on multiple servers Server	13	5063	May 30, 2018
Wildcard certificate on multiple web servers using DNS TXT validation Help	10	5753	June 7, 2018
Multidomain wildcard certificate with multiple DNS providers Feature Requests	6	1303	April 3, 2021
Issue 2 wildcard certs for same domain Issuance Policy	2	664	December 23, 2018

Clarification about wildcards and ip addresses

Related topics