I've made a mess of things, and I would like to fix it

  1. I created an initial certificate through Synology for my top domain, say Mydomain.com
  2. I then created separate certificates for three subdomains: domain1.Mydomain.com, domain2.Mydomain.com, and domain3.Mydomain.com
  3. Then I stumbled upon the script acme.sh which created a wildcard domain cert: *.Mydomain.com, only to realize that I need to create a TXT record into the DNS registry, and I don’t have access to that registry.
  4. Then, I realized that Synology all along supports wildcard domains!

Yep, I made a nice mess of things. I would like to fix this, so what should I do?
Do I delete all the certs and regenerate one from Synology? Would that work?

Your advice is greatly appreciated!

Thanks!

1 Like

Not really.
Things are currently working, right?
But you would like to consolidate all the names onto a single wildcard cert.

Please explain step #2.
How did you create these other certs?

Possibly, but then the wildcard cert will be in the Synology device.
Are all your cert uses within that one device?

1 Like

rg305, thank you for your swift reply!
Here are a few more details:

  1. Yes, all the certs are in the same Synology device.
  2. I created the three subdomain certs the same way I created the cert for the Mydomain.com, that is by using the service in the Synology device.

So: the first cert is currently ONLY for the Mydomain.com.

1 Like

Then this should be simple.
I would not worry too much about deleting any certs just yet.
First try and get that wildcard cert (ensuring it also includes the base domain).
Like:
mydomain.com & *.mydomain.com
Then switch all services to that new cert.
If that all works, then delete any unused certs.

2 Likes
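The check behind "ensuring it also includes the base domain", as an added example that is not part of the original thread: a wildcard name covers exactly one label to the left of the domain, so `*.mydomain.com` alone does not cover `mydomain.com` or a two-level name. The function names and the nested hostname are constructed for illustration; the other names are the placeholders used in the thread.

```python
def san_matches(san: str, host: str) -> bool:
    """Return True if one DNS SAN entry covers host.

    A leading "*" stands for exactly one non-empty leftmost label,
    never zero labels and never several.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False  # rules out the base domain and deeper names
    if san_labels[0] == "*":
        # Require at least "*.domain.tld" and a non-empty host label.
        return (len(san_labels) >= 3
                and host_labels[0] != ""
                and san_labels[1:] == host_labels[1:])
    return san_labels == host_labels


def uncovered(sans, hosts):
    """List the hostnames that no SAN entry on the certificate covers."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


# Constructed sample data based on the placeholder names in the thread.
SERVICES = [
    "mydomain.com",
    "domain1.mydomain.com",
    "domain2.mydomain.com",
    "domain3.mydomain.com",
]
WILDCARD_ONLY = ["*.mydomain.com"]
WITH_BASE = ["mydomain.com", "*.mydomain.com"]
NESTED = ["a.domain1.mydomain.com"]  # constructed two-level name

if __name__ == "__main__":
    print("wildcard only, not covered:", uncovered(WILDCARD_ONLY, SERVICES))
    print("base + wildcard, not covered:", uncovered(WITH_BASE, SERVICES))
    print("nested name, not covered:", uncovered(WITH_BASE, NESTED))
```

Running the same check against the name list before switching services to the new cert shows which hosts would start failing validation.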

rg305,

THANK YOU!

I’ve done as you said: went back and created a wildcard cert, made it the default cert, and without having to tinker with any Apache conf files, the subdomains now have a legit Let’s Encrypt cert. I checked the cert in my browser and it is indeed the wildcard cert that is being used for the subdomains!

Thank you so much!

One follow-up question: The way the Synology device does it is that it asks for a listing of all the subdomains I want included as aliases. If in the future I want to add another domain to that list, do I create another cert with all the subdomains? How would that work?

2 Likes

That sounds like a question for Synology.
I can only guess that the answer is yes.

1 Like
