Hi
I had asked a doubt on getting certs for wildcard sub-domains some time back (# How many wild card domains per certificate). I got perfect answers, thank you for that.
I could not work on this since then.
Now I have another problem when trying to continue from where I left off.
I was trying to get the certificates for the TLD and wildcard subdomains for two of my domains, example.com and example1.com, using DNS-01 validation in certonly manual mode.
I used the following command.
/opt/letsencrypt/certbot-auto -d example.com -d *.example.com -d *.example1.com -d example1.com --manual --preferred-challenges dns certonly
The problem is that Let's Encrypt is trying to validate example.com and *.example.com with the same name “_acme-challenge.example.com”, meaning the TXT value for validation is different for example.com and *.example.com.
Since this seems to happen as the last step before issuance, at least one will fail (normally the first one), as I would have overwritten the first value with the second one.
The sample output is given below:
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
HS9UFNW_foiAXrYC5IsBbSR6E-pT6avQyPvPk-r5uRE
Before continuing, verify the record is deployed.
Press Enter to Continue
Please deploy a DNS TXT record under the name
_acme-challenge.example1.com with the following value:
YhbZGn6wOvIV9gfR6O_lOqSxqLW-wIFGgpVJDQHGazc
Before continuing, verify the record is deployed.
Press Enter to Continue
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
lmHnXyL6O14kaMtg9cfIyGWOikfwABp5F5Q1wucMLv8
Before continuing, verify the record is deployed.
Press Enter to Continue
Please deploy a DNS TXT record under the name
_acme-challenge.example1.com with the following value:
yiIXd7XG4zDRgi3k3nGTSqez8Jprpqvl9XRnMWcZeJI
Before continuing, verify the record is deployed.
Does this mean that I cannot get certs for TLD and wildcard subdomains in the same cert file? I would like to accommodate as many domains as possible in the same certificate for my application-related reasons.
Since I am using Apache as the web server, would I need separate config files for the TLD and subdomains?
Please correct me if I am doing something wrong.
Thanks and Regards
JK
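Added example, not part of the original post and not certbot's own code: a sketch of how DNS-01 record names and TXT values are derived under RFC 8555, showing that example.com and *.example.com map to the same record name with different values, which DNS can hold as separate TXT records at that name. The tokens and the account key thumbprint below are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
from collections import defaultdict


def record_name(identifier: str) -> str:
    """DNS-01 record name; the wildcard label is dropped (RFC 8555, section 8.4)."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".")


def txt_value(token: str, thumbprint: str) -> str:
    """TXT value: base64url(SHA-256(token + '.' + thumbprint)) without padding."""
    key_authorization = f"{token}.{thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def plan_rrsets(challenges, thumbprint):
    """Group every challenge value under the record name it must be published at."""
    rrsets = defaultdict(list)
    for identifier, token in challenges:
        rrsets[record_name(identifier)].append(txt_value(token, thumbprint))
    return dict(rrsets)


def zone_lines(rrsets, ttl=60):
    """Render one TXT record per value; values sharing a name form one RRset."""
    return [
        f'{name}. {ttl} IN TXT "{value}"'
        for name, values in sorted(rrsets.items())
        for value in values
    ]


# Constructed sample input: the CA issues one random token per identifier,
# and the thumbprint is derived from the ACME account key (placeholder here).
THUMBPRINT = "constructed-account-key-thumbprint"
CHALLENGES = [
    ("example.com", "constructed-token-1"),
    ("example1.com", "constructed-token-2"),
    ("*.example.com", "constructed-token-3"),
    ("*.example1.com", "constructed-token-4"),
]

if __name__ == "__main__":
    for line in zone_lines(plan_rrsets(CHALLENGES, THUMBPRINT)):
        print(line)
```

The output lists two TXT records under each `_acme-challenge` name, one per challenge value, in the order the prompts would present them.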