Documentation on issuing LE Certification for one main domain and a subdomain?

I would like to know if and where I can get official documentation on how to install LE for a domain and a subdomain. In the absence of said documentation, I'd like to know if someone could walk me through this process. Although I've seen dozens of articles on this community saying it's perfectly possible to issue either one LE certificate for a domain and a subdomain OR two certificates for each one, my hosting provider (Mochahost) keeps telling me that's not possible and insists that I need a very pricey wildcard SSL for that. So I would like to show them official documentation on this matter.

I have one main domain (microsafe.com.br) and a sub-domain (blog.microsafe.com.br)

Any help on the matter of clarifying this issue to my hosting provider with proof would be greatly appreciated. I'm not a technical user, so I wouldn't know how to dispute the issue, I need to show them a step by step guide of what they should do so there's no discussion on the matter.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.microsafe.com.br

I ran this command: N/A

It produced this output: N/A

My web server is (include version): Microsoft IIS 8.0

The operating system my web server runs on is (include version): Windows Server 2012 Web

My hosting provider, if applicable, is: Mochahost.com

I can login to a root shell on my machine (yes or no, or I don't know): My ISP can

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): SolidCP

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

Can that be done?: YES
The question is: How can you do that within "SolidCP"?
[ I don't think you will find that answer here :frowning: ]

3 Likes

And in case that answer is not easily found...
Why can't you use a FREE wildcard certificate?
Why would you need to use a PAID wildcard certificate?

4 Likes

Well, I don't need to do it via SolidCP. I have a dedicated Cloud Windows Server 2012 Web, I log in directly via RDP to it, I have full access to the command line.

Even if I didn't, my hosting provider certainly has it. I already have LE installed and working on microsafe.com.br. They're just refusing to install it on blog.microsafe.com.br, claiming they can't do it on a subdomain.

I'm just not tech-savvy enough to do it myself, hence, I need the documentation to show it to my hosting provider to do it for me.

If they can separate the "blog" to its own site, then it's a simple "new" site and can have its own certificate.

They may not be able to get one cert for two sites.
Two certs for two sites is how they do business today.

5 Likes

I didn't even know a free SSL wildcard certificate existed. The only free certificate I know of is LE, and it doesn't do wildcard, AFAIK.

Could you point me to a free wildcard certificate? Even if you could, I'm not certain that my hosting provider would accept installing it. They offer support for LE only.

LE does do FREE wildcard certificates.
They require DNS-01 authentication - which is more complicated than HTTP-01 authentication.
But it can be done and automated [given the right DSP (DNS Service Provider) and ACME client].

5 Likes

Ok, I just need a link to official documentation on how to do that for one main domain and one subdomain.

Or a step by step guide on how to do it.

What I really need is to prove to my hosting provider how it can be done, so they can't refuse to do it and support it.

Wow, I didn't know about that, thanks.

Is there a link to a guide teaching how to install it? I'd like links to both the wildcard and the two single certificates solutions, if possible. Hope I'm not asking too much.

1 Like

As I said before:

Which I don't know that answer.

2 Likes

Here's the FAQ + answer regarding wildcard certificates: Does Let’s Encrypt issue wildcard certificates?.

That's not necessary as you can put up to 100 different hostnames in a single certificate. And it doesn't matter if those are 100 separate domains or 100 different subdomains of the same domain. Or, usually, the "bare" apex domain (e.g. example.com) and the www subdomain (e.g. www.example.com).

You can find the proof at the rate limits page where it states that certs can have up to 100 names in them.

That said, it can be that your hosting provider doesn't WANT (or is technically unable to, which is basically the same as "want") to issue such certificates for you, probably because they want to sell you stuff unnecessarily.

4 Likes
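The options discussed in this thread (one certificate listing several hostnames, or a wildcard that needs DNS-01) can be compared with a short check. This is an added example, not code from any poster or from Let's Encrypt; the function names `san_covers` and `review_plan` are hypothetical, and the hostnames are the ones given in the thread.

```python
# Added example: check which hostnames a planned certificate covers
# and whether its names force DNS-01 validation.
MAX_NAMES = 100  # per-certificate name limit cited in the thread


def san_covers(san: str, host: str) -> bool:
    """True if one certificate name (SAN) matches the hostname."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    # A wildcard stands for exactly one leftmost label: it matches
    # blog.example.com but not example.com or a.blog.example.com.
    first, _, rest = host.partition(".")
    return bool(first) and rest == san[2:]


def review_plan(sans, hosts):
    """Summarise a planned certificate: size, coverage, challenge needs."""
    if len(sans) > MAX_NAMES:
        raise ValueError(f"{len(sans)} names exceeds the {MAX_NAMES}-name limit")
    uncovered = [h for h in hosts if not any(san_covers(s, h) for s in sans)]
    return {
        "names": len(sans),
        "uncovered": uncovered,
        # Wildcard names can only be validated with DNS-01.
        "dns01_required": any(s.startswith("*.") for s in sans),
    }


# Hostnames taken from the thread; the plans are constructed for illustration.
HOSTS = ["microsafe.com.br", "www.microsafe.com.br", "blog.microsafe.com.br"]
PLANS = {
    "one multi-name cert": HOSTS,
    "wildcard only": ["*.microsafe.com.br"],
    "wildcard plus apex": ["*.microsafe.com.br", "microsafe.com.br"],
}

if __name__ == "__main__":
    for label, sans in PLANS.items():
        print(label, review_plan(sans, HOSTS))
```

A wildcard on its own leaves the bare domain uncovered, so a wildcard certificate for this site would also need `microsafe.com.br` listed as a second name.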

@rg305, thank you very much for these links. Yes, you got the gist of it, I was asking for official documentation since my OP exactly because I would like to confront my hosting provider with that information. They do commit to provide support to Let's Encrypt. They could merely not know LE issued wildcard certificates (as I didn't know, either) or, as you've well said, they are trying to force me into a corner.

In the first case, they will help me. In the second case, since I have full access to my server, I'll simply look elsewhere to hire someone to help me install the wildcard certificate (I don't have the technical knowledge for that).

Thank you so much for your help, it's deeply appreciated.

2 Likes

A wildcard LE cert will require that you have some control over your DNS. It sounds like you have DNS provided by someone else, but you very well might be able to also provide it yourself. In which case, the following link would provide a working demonstration of the process involved. Read it for concepts, rather than actual instructions.

 https://si.okiefrog.org/

and feel free to ignore this post if it represents overkill for you.

73 de Bill

5 Likes
