My domain is: marcuse.net.au
I ran this command:
Let’s Encrypt in a Docker container
subdomain = wildcard
It produced this output:
going to a website still provides the cert error
I can login to a root shell on my machine (yes or no, or I don’t know): yes
A wildcard certificate will only cover the first level names…
It seems that you created a certificate for *.marcuse.net.au, so the certificate will work on ad.marcuse.net.au, not *.ad.marcuse.net.au
How can I get it working with this config?
I want to cover both marcuse.net.au and ad.marcuse.net.au.
It may be easier to change the server name from
(which is NOT covered by the existing wildcard cert)
to something like:
(which would be covered by the existing wildcard cert).
I have servers linked to my AD, which is ad.marcuse.net.au,
and I have services linked to marcuse.net.au,
so I need both active.
What command did you run to get this certificate? Or on what platform (web control panel?)
You’ll need a certificate that contains two SANs… Not sure if the program allows you to do so…
What is that program?
Then you will need two wildcards (which can be on the same cert - or separate certs).
But we are not familiar with the program in your screenshot...
I’m using a Docker container of the Let’s Encrypt client.
I’m using Portainer to manage my containers.
below is my config
-e PGID=1001 -e PUID=1001
-e SUBDOMAINS=wildcard
-e DNSPLUGIN=cloudflare
-p 80:80 -p 443:443
I don’t see how that can do multiple wildcards…
Maybe you can run a docker container per each required wildcard?
Create the cert therein and export/share/move it to another path.
Then shutdown the containers (when not in use).
I’m sure there are probably better solutions; but if you need something right away, this may work.
What is the other way to do it to allow both wildcards in one cert?
Hopefully in a Docker container.
I don't know how (using that client).
But others have run other clients in docker that can do what you need.
ACME.sh comes to mind.
According to the documents…
You might be able to run this
docker create --cap-add=NET_ADMIN --name=letsencrypt --restart always --net=int_net --ip=192.168.70.242 -v /var/lib/docker/volumes/letsencrypt_config/_data:/config -e PGID=1001 -e PUID=1001 -e EMAIL=email@example.com -e URL=marcuse.net.au -e SUBDOMAINS=wildcard -e EXTRA_DOMAINS=ad.marcuse.net.au -e VALIDATION=dns -e DNSPLUGIN=cloudflare -p 80:80 -p 443:443 -e TZ=Australia/Sydney linuxserver/letsencrypt
Not sure what type of SAN it would create for the AD subdomain.
Tried that before, didn’t work:
2048 bit DH parameters present
SUBDOMAINS entered, processing
Wildcard cert for marcuse.net.au will be requested
EXTRA_DOMAINS entered, processing
Extra domains processed are: -d ad.marcuse.net.au
E-mail address entered: firstname.lastname@example.org
dns validation via cloudflare plugin is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new order :: Domain name "ad.marcuse.net.au" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.
Please see the logfiles in /var/log/letsencrypt for more details.
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
That would have to say:
Extra domains processed are: -d "*.ad.marcuse.net.au"
It is quite unclear in the documentation whether that is supported (or how to get more than one wildcard on the same cert).
Why re-invent the wheel?
Try something else that is proven to work for the situation you have.
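For readers following the two points made above (a wildcard covers one label only, and a name already covered by a wildcard in the same order is rejected as redundant), here is an added example that is not code from the thread, the linuxserver container, certbot or the CA. It models RFC 6125 single-label wildcard matching and the redundancy check, and uses the constructed host dc1.ad.marcuse.net.au as a stand-in for one of the AD servers.

```python
"""Why *.marcuse.net.au covers ad.marcuse.net.au but not hosts under it.

Added example, not code from the thread or from any ACME client or CA.
It models RFC 6125 wildcard matching (the "*" must be the whole leftmost
label and matches exactly one label) and the CA's rejection of a SAN
that is already covered by a wildcard in the same order.
"""


def san_covers(san, hostname):
    """True if a certificate SAN covers hostname (case-insensitive).

    *.marcuse.net.au covers ad.marcuse.net.au (one label), but not
    marcuse.net.au (zero labels) or dc1.ad.marcuse.net.au (two labels).
    """
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname
    suffix = san[1:]                     # "*.marcuse.net.au" -> ".marcuse.net.au"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]  # what the "*" would have to stand for
    return bool(leftmost) and "." not in leftmost and "*" not in leftmost


def coverage(sans, hostnames):
    """Map each hostname to whether any SAN on the certificate covers it."""
    return {h: any(san_covers(s, h) for s in sans) for h in hostnames}


def redundant_names(sans):
    """Non-wildcard SANs already covered by a wildcard in the same request.

    This is the check behind the error quoted in the thread: ordering
    ad.marcuse.net.au together with *.marcuse.net.au is rejected, while
    *.ad.marcuse.net.au is a distinct name and is accepted.
    """
    wildcards = [s for s in sans if s.startswith("*.")]
    return sorted(n for n in sans
                  if not n.startswith("*.") and any(san_covers(w, n) for w in wildcards))


if __name__ == "__main__":
    # dc1.ad.marcuse.net.au is a constructed placeholder for an AD host.
    hosts = ["marcuse.net.au", "ad.marcuse.net.au", "dc1.ad.marcuse.net.au"]
    failing = ["*.marcuse.net.au", "marcuse.net.au", "ad.marcuse.net.au"]
    working = ["*.marcuse.net.au", "marcuse.net.au", "*.ad.marcuse.net.au"]
    print("redundant in failing order:", redundant_names(failing))  # ['ad.marcuse.net.au']
    print("redundant in working order:", redundant_names(working))  # []
    print("working cert covers:", coverage(working, hosts))         # all True
```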
So you suggest using acme.sh?
I have not used it before.
I have; it is very easy to use
I have not used it in a Docker image…
But it should give the same results.
Would you be able to provide some assistance in setting it up?
There is also an acme package within pfSense that I installed but haven’t configured.
I would have to read on how to do it in docker.
Which is the same thing you would have to do.
Once you run it and if you have any trouble you can open another ticket here and mention “acme.sh docker” in the title.
You will get the right attention to that thread.