Is the wildcard available yet?

javaxnerd · 2018-06-25 10:53:55 UTC

I heard that was coming soon but not available yet.

I use cerbot (py) on Linux to generate the certificate and then upload it to my hosting provider. I want one certificate to cover the www and non-www versions of my domain. Currently, only the non-www version is covered. If someone tried to visit my site with the www prefix they get an SSL error. I don’t want to create multiple certificates. Can I make one cert cover my domain both with and without the www?

Thanks.

My domain is: leechristie.com

I ran this command: cerbot… something, I forget.

It produced this output: The correct output, it works fine. My SSL certificate is working.

My web server is (include version): I don’t know

The operating system my web server runs on is (include version): I don’t know

My hosting provider, if applicable, is: UK2

I can login to a root shell on my machine (yes or no, or I don’t know): Yes. (But that’s not where the webserver is)

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): CPanel, don’t know the version.

JuergenAuer · 2018-06-25 10:59:00 UTC

Hi @javaxnerd

yes, wildcard-certificates are available. I use one. But: dns-01 is required, so you have to create one or two dns-entries with the same name

_acme-challenge.leechristie.com

One to validate leechristie.com, one to validate *.leechristie.com

Use the version 2 of the api.

mnordhoff · 2018-06-25 11:02:12 UTC

Yes. Let’s Encrypt certificates can include up to 100 names, wildcards or otherwise. You could get a certificate with the names leechristie.com and www.leechristie.com, or leechristie.com and *.leechristie.com.

Certbot has supported wildcard certificates since version 0.22.0.

If you’re using cPanel, it’s simplest to use cPanel’s AutoSSL to automatically issue and maintain certificates, if your host doesn’t turn it off.

_az · 2018-06-25 11:05:38 UTC

uk2.net (your host) appears to have AutoSSL disabled.

I just want to add,

You don’t need wildcard for this, you can just get a regular certificate that covers both www and non-www versions of your domain.

It’s much simpler to make a non-wildcard, so I’d suggest going that way.

javaxnerd · 2018-06-25 11:10:24 UTC

How do I do this? certbot prompts me for what my domain is and I input leechristie.com, and the resulting certificate only covers the non-www version.

_az · 2018-06-25 11:11:14 UTC

However you run Certbot, you can specify two domains by passing e.g.:

-d example.org -d www.example.org

javaxnerd · 2018-06-25 11:11:43 UTC

Thanks, I’ll try that.

system · 2018-07-25 11:11:44 UTC

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.