Domain name "" is redundant with wildcard domain


I want to use '' as the default name of my wildcard cert, because svn clients do not support multiple-domain certs.

When I run:

certbot certonly -d -d -d *


The request message was malformed :: Error creating new order :: Domain name "" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.

I remember that a few months ago it was possible to apply for such a certificate.



There is no need for it.

Try separating the certs into two exactly configured vhost files.
or maybe...
using --cert-name

one vhost for just (which can also be the default)
and one for the wildcard and root domain.

1 Like

:frowning: Just for compatibility with software that does not support multiple-domain cert.

Then it probably may not like SNI either.
That is why I mention making the SVN vhost a separate cert and also the default site for the IP.

The good news is they are on sale today !
Buy one for FREE and get the second one for FREE ! ! !

1 Like

It was, briefly. Let's Encrypt never desired to support overlapping certificates, but they enabled wildcard support before updating the CA software to block overlapping wildcards.

Edit: Can you put * first?

1 Like
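
The overlap rule behind the error message in this thread, as an added example that is not part of any post and is not certbot or Let's Encrypt code: it checks a list of requested names for hosts already covered by a wildcard in the same request and splits them into separate orders, as suggested above. The `example.com` names and the function names are constructed for illustration, and the check assumes a wildcard covers exactly one label directly under its base domain.

```python
"""Pre-flight check for the 'redundant with a wildcard domain' rejection.

Added illustration, not certbot or Let's Encrypt code. Assumption: a
wildcard *.base covers exactly one extra label, so it makes host.base
redundant but not base itself or a.b.base.
"""


def covered_by(name, wildcard):
    """True if `name` is a non-wildcard host that `wildcard` already covers."""
    if not wildcard.startswith("*.") or name.startswith("*."):
        return False
    base = wildcard[2:].lower().rstrip(".")
    # Split off the leftmost label; the remainder must equal the wildcard base.
    label, _, parent = name.lower().rstrip(".").partition(".")
    return bool(label) and parent == base


def redundant_names(names):
    """Return (name, wildcard) pairs that would trigger the rejection."""
    return [(n, w) for n in names for w in names if covered_by(n, w)]


def split_orders(names):
    """Split one request into orders with no overlap: each redundant host
    gets its own certificate, the remaining names stay together."""
    redundant = {n for n, _ in redundant_names(names)}
    main = [n for n in names if n not in redundant]
    return [[n] for n in names if n in redundant] + ([main] if main else [])


if __name__ == "__main__":
    # Constructed sample request; example.com stands in for the real domain.
    request = ["svn.example.com", "example.com", "*.example.com"]
    for name, wildcard in redundant_names(request):
        print(f"{name} is redundant with {wildcard}")
    for order in split_orders(request):
        print("separate order:", " ".join(order))
```

Each list returned by `split_orders` corresponds to one certificate request, which can be kept apart with the `--cert-name` option mentioned in the thread.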

I think LE will always alphabetize the list of names.
But that can easily be tested.

copy VHOST.conf to VHOSTWILD.conf

in VHOST.conf use

in VHOSTWILD.conf use
serveralias *

run certbot and get/renew both as normal

NOTE: be sure the two configs are ordered alphabetically in that way (with SVN first)

The SAN list is alphabetized, but the first argument is used for the CN.

I just did it with a staging certificate.

        Issuer: CN=Fake LE Intermediate X1
            Not Before: May 28 02:02:14 2018 GMT
            Not After : Aug 26 02:02:14 2018 GMT
        Subject: CN=*

            X509v3 Subject Alternative Name: 

Cool ! ! !
Now if his devices are able to match the SVN request with * he is good to go.
If not, I say, feed them SVN and SNI the rest over a separate vhost config.


The param --cert-name works!

Can you share the PUBLIC cert or domain name so we can see/learn from it?

Either way, I’m glad that helped.

I think it does not work well. :frowning:
