Domain and Subdomain on One Wildcard/Certificate on Nginx

Please direct me elsewhere if this is the wrong place, I have a site (goldenclaw.me) that I generated a certificate and a wildcard for, no problems there. However, how would I go about making it so bots.goldenclaw.me, for example, would be valid/covered with that SSL certificate/wildcard?

I’m self-hosting on Ubuntu 18.04.

1 Like

Hi,

Your certificate only covers the root domain, which means it won’t work on www and other subdomains.
Since you are using Digital Ocean DNS, what script did you use to obtain the certificate?

If you want a wildcard certificate, you must obtain it using DNS challenge, which is better used with automated programmable interfaces. Fortunately, your DNS provider does have this feature and most ACME script support this provider.

Please check your script and see if there’s support for Digital Ocean API. The script I used (certbot and acme.sh) all support this provider and have instructions online.

Thank you

2 Likes

I followed this tutorial, which I ended up using this to get (what I’m assuming) is the wildcard certificate?

./certbot-auto certonly --manual --preferred-challenges=dns --email <my email> --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --d *.goldenclaw.me
1 Like

The command would indeed get a wildcard certificate without the root domain. If you want to do this and repeat the whole process every 2-3 months, you can choose to use the below command:

./certbot-auto certonly --manual --preferred-challenges=dns --email <my email> --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --d *.goldenclaw.me -d goldenclaw.me

(What I did is to add your root domain to the last)

Certbot also have Digital Ocean API support so you could use that (along with the correct information from your digital ocean account) to automatically pass the validation and obtain certificate.
https://certbot-dns-digitalocean.readthedocs.io/en/stable/

Thank you

2 Likes

The command you modified, would that allow me to have one single certificate for both my root and subdomain? If so, how would I configure this within Nginx if there were two sites (one for the root, and another for the sub)?

1 Like

Yes. It will allow you to use one certificate for both domain and subdomains (first level).
It’s the same to what you used before, just specify the same certificate in all virtual host the certificate should cover.

Thanks

1 Like