Generating one certificate for all our subdomains

Hello, I am new in generating certificates for websites. We have several subdomains running ok, using the same command for each one, without the wildcard. However, we need to generate a certificate for all subdomains of our domain, because subdomains can be created dinamically by the users.

I don´t know if this commnad is ok, but I don´t find a lot of clear information about how to do that. Please, can you help me giving me the steps to make this configuration?

My domain is: *.trainerstudio.io

I ran this command: sudo certbot --nginx -d *.trainerstudio.io

It produced this output: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

My web server is: nginx (1.18.0)

The operating system my web server runs on is: Linux Ubuntu (5.4.0-100-generic)

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine: yes

I'm using a control panel to manage my site: I don´t know what it refers to

The version of my client is (Certbot): 0.40.0

2 Likes

Welcome to the community @adrilpz

The --nginx plug-in uses the HTTP challenge method so cannot be used for wildcard certs. For that you need to use the DNS challenge. I recommend starting with these two topics and let us know if you need more help after that

Challenge Types

https://eff-certbot.readthedocs.io/en/stable/using.html#getting-certificates-and-choosing-plugins

Also, since you doing things on behalf of customers, you should review the advanced topics here and here

7 Likes

Also, be informed that a wildcard cert won't automatically cover the base domain.
[*.trainerstudio.io won't serve: trainerstudio.io]

You must add that name to the cert (if needed):
sudo certbot certonly --manual -d "*.trainerstudio.io,trainerstudio.io"

5 Likes