Domain Name is redundant with wildcard domain

Hi,

we categorize our certificates per server and use the common name to tell on which server the certificate is deployed.

However, we want to issue wildcard certificates, but we receive an error message: The request message was malformed :: Error creating new order :: Domain name “” is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.

I know that both names are unnecessary; however, we would like to keep it that way. Can we issue certificates with both names (by breaking the client :wink: ) or is this also forbidden by the Let's Encrypt API?

Best regards,

You can achieve this by adding two labels versus one.

Example:

server-001.management.example.com
*.example.com

Because *.example.com would not cover the other SAN, this would work.

1 Like

If your question is can you force it to issue overlapping labels, the answer is no. The API enforces that policy.

3 Likes

That was my question - servers are named with srv0001.example.com and we want to have *.example.com for coverage (so one certificate covers all domains hosted on that server).

So you can have that, you just have to add an additional level to the name.

Like g1-001.srv.example.com

2 Likes

Okay, thank you :slight_smile: 20 char…

Or you could also use another domain altogether for the specific label:
*.example.com
srv001.domains.org
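
An added example, not part of the thread and not Let's Encrypt's own code: a client-side pre-flight check that flags the overlap the error message describes before an order is submitted. It assumes a wildcard covers exactly one label, as the replies above rely on; the function names are hypothetical and the sample requests reuse the names posted in the thread.

```python
def normalize(name):
    """Lower-case and drop a trailing dot so names compare label for label."""
    return name.strip().lower().rstrip(".")


def redundant_with_wildcard(names):
    """Return (name, wildcard) pairs where a plain name in the request is
    already covered by a wildcard in the same request.

    Assumption: a wildcard matches exactly one label, so *.example.com
    covers srv0001.example.com but not a.b.example.com or example.com.
    """
    names = [normalize(n) for n in names]
    # Parent zone of each wildcard: "*.example.com" -> "example.com"
    wildcard_parents = {n[2:] for n in names if n.startswith("*.")}
    hits = []
    for n in names:
        if n.startswith("*."):
            continue
        # Strip the left-most label and see if a wildcard owns what remains.
        _, _, parent = n.partition(".")
        if parent in wildcard_parents:
            hits.append((n, "*." + parent))
    return hits


# Requests built from the names posted in the thread.
SAMPLE_REQUESTS = [
    ["srv0001.example.com", "*.example.com"],                # rejected combination
    ["server-001.management.example.com", "*.example.com"],  # extra label
    ["g1-001.srv.example.com", "*.example.com"],             # extra label
    ["*.example.com", "srv001.domains.org"],                 # different domain
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        hits = redundant_with_wildcard(request)
        verdict = "redundant: %s" % hits if hits else "no overlap"
        print(", ".join(request), "->", verdict)
```
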
