Then I stumbled upon the script acme.sh, which created a wildcard domain cert: *.Mydomain.com, only to realize that I need to create a TXT record in the DNS registry, and I don’t have access to that registry.
Then, I realized that Synology all along supports wildcard domains!
Yep, I made a nice mess of things. I would like to fix this, so what should I do?
Do I delete all the certs and regenerate one from Synology? Would that work?
Then this should be simple.
I would not worry too much about deleting any certs just yet.
First try and get that wildcard cert (ensuring it also includes the base domain).
Like: mydomain.com & *.mydomain.com
Then switch all services to that new cert.
If that all works, then delete any unused certs.
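Why the base domain has to be listed next to the wildcard, as an added example that is not part of the original posts: a wildcard entry covers exactly one left-most label, so `*.mydomain.com` alone covers neither `mydomain.com` nor deeper names. The function names and the host list are hypothetical; `live_sans` needs network access, the rest runs offline on constructed data.

```python
import socket
import ssl

def name_matches(hostname, pattern):
    """Match a hostname against one SAN entry; '*' covers exactly one left-most label.
    Partial wildcards such as 'w*.example.com' are treated as literals here."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more or fewer labels
    if pat[0] == "*":
        return bool(host[0]) and host[1:] == pat[1:]
    return host == pat

def uncovered(hostnames, sans):
    """Return the hostnames that no SAN entry on the certificate covers."""
    return [h for h in hostnames if not any(name_matches(h, s) for s in sans)]

def live_sans(host, port=443):
    """Fetch the DNS SAN entries of the certificate a server actually presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

# Constructed sample data (placeholder names, not taken from a real certificate).
WANTED = ["mydomain.com", "www.mydomain.com", "nas.mydomain.com", "a.b.mydomain.com"]
WILDCARD_ONLY = ["*.mydomain.com"]
BASE_AND_WILDCARD = ["mydomain.com", "*.mydomain.com"]

if __name__ == "__main__":
    # Names each certificate would fail to cover.
    print("wildcard only:   ", uncovered(WANTED, WILDCARD_ONLY))
    print("base + wildcard: ", uncovered(WANTED, BASE_AND_WILDCARD))
```

After switching services to the new cert, `uncovered(WANTED, live_sans("mydomain.com"))` run against the real host should return an empty list before any old cert is deleted.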
I’ve done as you said: went back and created a wildcard cert, made it the default cert, and without having to tinker with any Apache conf files, the subdomains now have a legit Let’s Encrypt cert. I checked the cert in my browser and it is indeed the wildcard cert that is being used for the subdomains!
Thank you so much!
One follow-up question: The way the Synology device does it is that it asks for a listing of all the subdomains I want included as aliases. If in the future I want to add another domain to that list, do I create another cert with all the subdomains? How would that work?