Help with wildcard setup


#1

My domain is: marcuse.net.au

I ran this command:
let’s encrypt in a docker container
subdomain = wildcard

It produced this output:
going to a website still provides the cert error

I can login to a root shell on my machine (yes or no, or I don’t know): yes


#2

Hi,

A wildcard certificate will only cover the first level names…

It seems that you created a certificate for *.marcuse.net.au, so the certificate will work on ad.marcuse.net.au, not *.ad.marcuse.net.au

Thank you


#3

How can I get it working with this config?
I want to cover both marcuse.net.au and ad.marcuse.net.au


#4

It may be easier to change the server name from
pfsense.ad.marcuse.net.au
(which is NOT covered by the existing wildcard cert)
to something like:
pfsense-ad.marcuse.net.au
(which would be covered by the existing wildcard cert).
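Added example, not code from the thread: a POSIX shell check of the single-label wildcard rule that the reply above relies on. The SAN list is a constructed stand-in for the existing certificate (assumed to contain marcuse.net.au and *.marcuse.net.au); `san_covers`, `cert_covers` and `report` are this example's own helpers.

```shell
#!/bin/sh
# Added example, not code from the thread: check whether a certificate's
# subjectAltName (SAN) entries cover a host name. A DNS wildcard matches
# exactly one label (RFC 6125 section 6.4.3), which is why *.marcuse.net.au
# covers ad.marcuse.net.au but not pfsense.ad.marcuse.net.au.
set -f   # no pathname expansion: the '*' in wildcard names must stay literal

# san_covers SAN HOST -> exit 0 if SAN covers HOST, 1 otherwise (case-insensitive)
san_covers() {
    san=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$san" in
        \*.*)
            label=${host%%.*}   # leftmost label of the host
            rest=${host#*.}     # host with its leftmost label removed
            [ "$rest" != "$host" ] || return 1              # host needs a dot
            case "$label" in ""|*\**) return 1 ;; esac      # label non-empty, no '*'
            [ "$rest" = "${san#\*.}" ]                      # remainder must equal the suffix
            ;;
        *)
            [ "$san" = "$host" ]                            # plain name: exact match
            ;;
    esac
}

# cert_covers HOST SAN... -> exit 0 if any of the SANs covers HOST
cert_covers() {
    h=$1; shift
    for s in "$@"; do
        san_covers "$s" "$h" && return 0
    done
    return 1
}

# Constructed SAN list standing in for the thread's existing certificate
# (assumed: the base name plus one wildcard). To print the real ones:
#   openssl x509 -in fullchain.pem -noout -text | grep DNS:
SANS='marcuse.net.au *.marcuse.net.au'

# report HOST -> prints whether the constructed SAN list covers HOST
report() {
    if cert_covers "$1" $SANS; then
        echo "$1: covered"
    else
        echo "$1: NOT covered"
    fi
}

for name in marcuse.net.au ad.marcuse.net.au pfsense.ad.marcuse.net.au pfsense-ad.marcuse.net.au; do
    report "$name"
done
```

Run as-is it prints that marcuse.net.au, ad.marcuse.net.au and pfsense-ad.marcuse.net.au are covered and pfsense.ad.marcuse.net.au is not; swap the constructed SANS for the output of the openssl line to test a real certificate.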


#5

I got servers linked to my AD, which is ad.marcuse.net.au,
and I got services linked to marcuse.net.au

so I need both active.


#6

Hi,

What command did you run to get this certificate? Or on what platform (web control panel?)

You’ll need a certificate that contains two SANs… Not sure if the program allows you to do so…

Thank you


#7

What is that program?

Then you will need two wildcards (which can be on the same cert - or separate certs).
But we are not familiar with the program in your screenshot…


#8

https://hub.docker.com/r/linuxserver/letsencrypt/
I'm using a docker container of Let's Encrypt

I'm using portainer to manage my containers.

Below is my config

docker create \
  --cap-add=NET_ADMIN \
  --name=letsencrypt \
  --restart always \
  --net=int_net \
  --ip=192.168.70.242 \
  -v /var/lib/docker/volumes/letsencrypt_config/_data:/config \
  -e PGID=1001 -e PUID=1001 \
  -e EMAIL=ben@marcuse.net.au \
  -e URL=marcuse.net.au \
  -e SUBDOMAINS=wildcard \
  -e VALIDATION=dns \
  -e DNSPLUGIN=cloudflare \
  -p 80:80 -p 443:443 \
  -e TZ=Australia/Sydney \
  linuxserver/letsencrypt


#9

I don’t see how that can do multiple wildcards…

Maybe you can run a docker container per each required wildcard?
Create the cert therein and export/share/move it to another path.
Then shutdown the containers (when not in use).

I’m sure there are probably better solutions; but if you need something right away, this may work.


#10

What is the other way to do it to allow both wildcards in one cert?
Hopefully in a docker container


#11

I don’t know how (using that client).
But others have run other clients in docker that can do what you need.
ACME.sh comes to mind.


#12

Hi,

According to the documents…
You might be able to run this
docker create \
  --cap-add=NET_ADMIN \
  --name=letsencrypt \
  --restart always \
  --net=int_net \
  --ip=192.168.70.242 \
  -v /var/lib/docker/volumes/letsencrypt_config/_data:/config \
  -e PGID=1001 -e PUID=1001 \
  -e EMAIL=ben@marcuse.net.au \
  -e URL=marcuse.net.au \
  -e SUBDOMAINS=wildcard \
  -e EXTRA_DOMAINS=ad.marcuse.net.au \
  -e VALIDATION=dns \
  -e DNSPLUGIN=cloudflare \
  -p 80:80 -p 443:443 \
  -e TZ=Australia/Sydney \
  linuxserver/letsencrypt

Not sure what type of SAN it would create for the AD subdomain.

Thank you


#13

tried that before, didn't work

2048 bit DH parameters present
SUBDOMAINS entered, processing
Wildcard cert for marcuse.net.au will be requested
EXTRA_DOMAINS entered, processing
Extra domains processed are: -d ad.marcuse.net.au
E-mail address entered: ben@marcuse.net.au
dns validation via cloudflare plugin is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new order :: Domain name "ad.marcuse.net.au" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:
  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.


#14

That would have to say:
Extra domains processed are: -d “*.ad.marcuse.net.au”
Which is quite unclear in the documentation if that is supported (or how to get more than one wildcard on the same cert).

Why re-invent the wheel?
Try something else that is proven to work for the situation you have.


#15

So you mean I should use acme.sh?


#16

Yes, I would try acme.sh
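Added example, not from the thread and not acme.sh's own code: a small shell wrapper that checks the requested name set against the rule behind the error in #13 (Let's Encrypt refuses an order in which a plain name is already covered by a wildcard in the same order) and then places one acme.sh order for marcuse.net.au, *.marcuse.net.au and *.ad.marcuse.net.au with the Cloudflare DNS hook. `covered_by_wildcard`, `check_names`, `acme_args` and `issue` are this example's own helpers; the image name `neilpang/acme.sh`, the `./acme` state directory and the `CF_Token`/`CF_Account_ID` variables are assumptions to be checked against the acme.sh docs. Nothing is sent to Let's Encrypt unless `ACME_ISSUE=1` is set.

```shell
#!/bin/sh
# Added example, not code from the thread and not acme.sh's own code: build one
# acme.sh order for marcuse.net.au, *.marcuse.net.au and *.ad.marcuse.net.au,
# first checking the name set against the rule behind the error in this thread:
# Let's Encrypt rejects an order where a plain name is already covered by a
# wildcard in the same order ("redundant with a wildcard domain").
set -f   # keep the shell from globbing the '*' in wildcard names

# covered_by_wildcard NAME WILDCARD -> 0 if WILDCARD (*.suffix) covers NAME,
# i.e. NAME has exactly one label in front of suffix (single-label rule)
covered_by_wildcard() {
    [ "${1#*.}" != "$1" ] && [ -n "${1%%.*}" ] && [ "${1#*.}" = "${2#\*.}" ]
}

# check_names NAME... -> reports every plain name that a wildcard in the same
# set already covers; exit 1 if any was found, 0 if the set is acceptable
check_names() {
    bad=0
    for name in "$@"; do
        case "$name" in \*.*) continue ;; esac          # wildcards are never redundant
        for wc in "$@"; do
            case "$wc" in \*.*) ;; *) continue ;; esac  # compare against wildcards only
            if covered_by_wildcard "$name" "$wc"; then
                echo "refusing: $name is redundant with $wc in the same order" >&2
                bad=1
            fi
        done
    done
    return "$bad"
}

# acme_args NAME... -> prints "-d NAME -d NAME ..." for a valid set, else fails
acme_args() {
    check_names "$@" || return 1
    out=
    for name in "$@"; do out="$out${out:+ }-d $name"; done
    printf '%s\n' "$out"
}

# issue NAME... -> run acme.sh (docker image, dns_cf hook) for the set when
# ACME_ISSUE=1, otherwise print the command. Assumptions: image neilpang/acme.sh,
# state and certs under ./acme, Cloudflare API token in CF_Token and CF_Account_ID.
issue() {
    names=$(acme_args "$@") || return 1
    # $names is split on purpose; set -f above keeps the '*' from globbing
    if [ "${ACME_ISSUE:-0}" = 1 ]; then
        docker run --rm -v "$PWD/acme":/acme.sh -e CF_Token -e CF_Account_ID \
            neilpang/acme.sh --issue --server letsencrypt --dns dns_cf $names
    else
        echo "dry run: docker run --rm -v \$PWD/acme:/acme.sh -e CF_Token -e CF_Account_ID" \
             "neilpang/acme.sh --issue --server letsencrypt --dns dns_cf $names"
    fi
}

# The set the thread needs: base name, first-level wildcard, AD-level wildcard
issue marcuse.net.au '*.marcuse.net.au' '*.ad.marcuse.net.au'
# The set that failed in the thread is rejected locally, before any order is placed
issue marcuse.net.au '*.marcuse.net.au' ad.marcuse.net.au || echo "order not placed"
```

Two wildcards at different depths (*.marcuse.net.au and *.ad.marcuse.net.au) do not overlap under the single-label rule, so they can sit in one order; the plain ad.marcuse.net.au is what tripped the redundancy check, because *.marcuse.net.au already covers it. The resulting certificate still has to be installed into pfSense (or whatever terminates TLS) separately.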


#17

I have not used it before


#18

I have; it is very easy to use
I have not used it in docker image…
But it should give the same results.


#19

Would you be able to provide some assistance in setting it up?

There is also an acme package within pfSense I installed but haven't configured.


#20

I would have to read on how to do it in docker.
Which is the same thing you would have to do.
Once you run it and if you have any trouble you can open another ticket here and mention “acme.sh docker” in the title.
You will get the right attention to that thread.