DNS-01 validation - TLD and wildcard


#1

Hi
I had asked a question about getting certs for wildcard sub-domains some time back (How many wild card domains per certificate). I got perfect answers, thank you for that.
I could not work on this since then.
Now I have another problem when trying to continue from where I left off.
I was trying to get the certificates for the TLD and wildcard subdomains for two of my domains, example.com and example1.com, using DNS-01 validation in cert-only manual mode.
I used the following command.


/opt/letsencrypt/certbot-auto -d example.com -d *.example.com -d *.example1.com -d example1.com --manual --preferred-challenges dns certonly


The problem is that Let's Encrypt is trying to validate example.com and *.example.com under the same name "_acme-challenge.example.com", while the TXT value for validation is different for example.com and *.example.com.
Since this seems to happen as the last step before issuance, at least one will fail (the first one, normally), as I would have overwritten the first value with the second one.

The sample output is given below:


Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:

HS9UFNW_foiAXrYC5IsBbSR6E-pT6avQyPvPk-r5uRE

Before continuing, verify the record is deployed.


Press Enter to Continue


Please deploy a DNS TXT record under the name
_acme-challenge.example1.com with the following value:

YhbZGn6wOvIV9gfR6O_lOqSxqLW-wIFGgpVJDQHGazc

Before continuing, verify the record is deployed.


Press Enter to Continue


Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:

lmHnXyL6O14kaMtg9cfIyGWOikfwABp5F5Q1wucMLv8

Before continuing, verify the record is deployed.


Press Enter to Continue


Please deploy a DNS TXT record under the name
_acme-challenge.example1.com with the following value:

yiIXd7XG4zDRgi3k3nGTSqez8Jprpqvl9XRnMWcZeJI

Before continuing, verify the record is deployed.



Does this mean that I cannot get certs for the TLD and wildcard subdomains in the same cert file? I would like to accommodate as many domains as possible in the same certificate, for application-related reasons.
Since I am using Apache as the web server, would I need separate config files for the TLD and subdomains?

Please correct me if I am doing something wrong.
Thanks and Regards
JK


#2

Your DNS service should support adding multiple TXT records with the same name. If it does, there shouldn't be any problems.

If they don’t, it’s not impossible to work around – though my favorite option would be switching to a better DNS service.
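
An added example (not from the thread, certbot, or Let's Encrypt) that makes the point in #2 concrete: it maps each identifier from the certbot command in #1 to its _acme-challenge record name, parses the four prompts quoted there, and checks whether a DNS zone serves every required TXT value. The zone is a plain dict standing in for whatever the DNS provider actually publishes, so the check runs offline; with a real provider the same comparison would be done against a live TXT lookup.

```python
import re
from collections import defaultdict

# Identifiers from the certbot command quoted in post #1.
IDENTIFIERS = ["example.com", "*.example.com", "*.example1.com", "example1.com"]

# certbot's manual-mode prompts as quoted in post #1 (constructed input;
# the "Press Enter to Continue" lines are omitted).
CERTBOT_OUTPUT = """\
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:

HS9UFNW_foiAXrYC5IsBbSR6E-pT6avQyPvPk-r5uRE

Before continuing, verify the record is deployed.

Please deploy a DNS TXT record under the name
_acme-challenge.example1.com with the following value:

YhbZGn6wOvIV9gfR6O_lOqSxqLW-wIFGgpVJDQHGazc

Before continuing, verify the record is deployed.

Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:

lmHnXyL6O14kaMtg9cfIyGWOikfwABp5F5Q1wucMLv8

Before continuing, verify the record is deployed.

Please deploy a DNS TXT record under the name
_acme-challenge.example1.com with the following value:

yiIXd7XG4zDRgi3k3nGTSqez8Jprpqvl9XRnMWcZeJI

Before continuing, verify the record is deployed.
"""

PROMPT_RE = re.compile(r"under the name\s+(\S+)\s+with the following value:\s+(\S+)")


def challenge_name(identifier: str) -> str:
    """Owner name of the DNS-01 TXT record for one certificate identifier.

    The wildcard label is stripped, so example.com and *.example.com both
    validate at _acme-challenge.example.com. That is why both TXT values
    must coexist under one name rather than one replacing the other.
    """
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".")


def parse_prompts(output: str) -> list:
    """Extract (record name, TXT value) pairs from certbot's manual prompts."""
    return PROMPT_RE.findall(output)


def required_records(pairs) -> dict:
    """Group the TXT values certbot asked for by record name: name -> set(values)."""
    need = defaultdict(set)
    for name, value in pairs:
        need[name].add(value)
    return dict(need)


def zone_lines(need: dict, ttl: int = 60) -> list:
    """Zone-file lines to publish: one TXT RR per value, same owner name."""
    return [f'{name}. {ttl} IN TXT "{value}"'
            for name in sorted(need) for value in sorted(need[name])]


def missing_records(need: dict, zone: dict) -> dict:
    """Values certbot will look for that the zone does not serve.

    `zone` maps a record name to the set of TXT strings currently published;
    an empty result means every identifier can validate.
    """
    return {name: vals - zone.get(name, set())
            for name, vals in need.items()
            if vals - zone.get(name, set())}


if __name__ == "__main__":
    pairs = parse_prompts(CERTBOT_OUTPUT)
    need = required_records(pairs)
    # Four identifiers collapse to two record names.
    print(sorted({challenge_name(i) for i in IDENTIFIERS}))
    # What the first attempt in #1 published: each write replaced the
    # previous TXT, so only the last value per name survives.
    overwritten = {}
    for name, value in pairs:
        overwritten[name] = {value}
    print(missing_records(need, overwritten))  # two values missing, two names
    print(missing_records(need, need))         # {} once both values coexist
    print("\n".join(zone_lines(need)))
```

The `zone_lines` output is the record set to publish before pressing Enter on the last prompt: two TXT RRs at `_acme-challenge.example.com` and two at `_acme-challenge.example1.com`. A provider whose UI keeps only one TXT string per name will always produce a non-empty `missing_records` result for this certificate.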


#3

Hi mnordhoff,
Thank you for the quick response. If that works, that's great; I will try that and update.
Regards
JK


#4

Hi
It's working perfectly.
Thank you very much.
Regards
JK

