Nginx, Sandstorm, almost there


Hello everyone,

I am setting up a server for a client and I’ve almost gotten everything setup properly. I have letsencrypt setup and working for the main domain and the subdomain for Sandstorm. ( and respectively).

The main webpage loads with SSL perfectly and no complaints. The sandstorm subdomain also loads itself perfectly via SSL and all is well except… the actual usage and grains of Sandstorm wont load. I’m told (from many forums and docs) that its because of Wildcard host is misconfigured. I have it configured and have wildcard dns setup properly.

Everything is proxied correclty and reaching respective areas accordingly, but grains will not load and.

Yes I have read a few times that LetsEncrypt doesn’t support Wildcard certificates. I’m not certain that what I’m needing is that, so I’m posting here to see if anyone has any ideas as to what I should be doing (whether its letsencrypt I need to be reconfiguring) or sandstorm.



Yes, you will need a wildcard SSL certificate to do SSL Sandstorm.

Sandstorm desires that arbitrary hostnames (* in your example or maybe * map to the same machine and it makes up such names on the fly.

Let’s Encrypt doesn’t offer wildcard certificates and has no imminent plans to do so. So you will need a wildcard cert from somewhere else or, since Sandstorm is “private cloud” stuff, you’ll need to create your own private CA and use that to issue the wildcard, then trust it on every machine using the Sandstorm service.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.