Nginx .support tld

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=uppsala.support), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: uppsala.support

I ran this command:
certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d uppsala.support -d *.uppsala.support

It produced this output:
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/uppsala.support/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/uppsala.support/privkey.pem
    Your cert will expire on 2021-08-25. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version):
nginx
The operating system my web server runs on is (include version):
nginx/1.18.0 (Ubuntu)

My hosting provider, if applicable, is:
Contabo

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0


I did a cert for *.uppsala.support first and then I remembered I had to do one for uppsala.support as well and extended the first one and restarted nginx. Now I have security issues with three different browsers. The certificate still refers to the *.uppsala.support one, even though certbot certificate looks like this:

certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: uppsala.support
Domains: uppsala.support *.uppsala.support
Expiry Date: 2021-08-25 19:31:48+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/uppsala.support/fullchain.pem
Private Key Path: /etc/letsencrypt/live/uppsala.support/privkey.pem


It's the same location as the first one so one would think it would work?

Currently, I'm seeing the correct certificate installed at uppsala.support: the one with both *.uppsala.support and uppsala.support in the SAN extension.

However, I can't test for any subdomain, as it seems there are no subdomains registered in your DNS. So www.uppsala.support fails with a DNS error.

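Why the first, wildcard-only certificate did not cover the bare domain, as an added example (not part of the original posts and not Certbot's own code): it reads the `Domains:` line from `certbot certificates` output and checks hostnames against it with RFC 6125-style wildcard matching. The function names and the embedded sample text are constructed for illustration.

```python
# Constructed sample: the relevant lines of `certbot certificates` output from the post.
CERTBOT_OUTPUT = """\
Found the following certs:
  Certificate Name: uppsala.support
    Domains: uppsala.support *.uppsala.support
    Expiry Date: 2021-08-25 19:31:48+00:00 (VALID: 89 days)
"""


def parse_domains(certbot_output):
    """Return {certificate name: [domains]} from `certbot certificates` text."""
    certs, current = {}, None
    for line in certbot_output.splitlines():
        line = line.strip()
        if line.startswith("Certificate Name:"):
            current = line.split(":", 1)[1].strip()
            certs[current] = []
        elif line.startswith("Domains:") and current is not None:
            certs[current] = line.split(":", 1)[1].split()
    return certs


def san_matches(pattern, hostname):
    """Match one SAN dNSName entry against a hostname.

    A wildcard is honoured only as the complete left-most label and stands
    for exactly one label, so it never matches the parent (bare) domain.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h or "*" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def covered(domains, hostname):
    """True if any SAN entry in `domains` is valid for `hostname`."""
    return any(san_matches(d, hostname) for d in domains)


if __name__ == "__main__":
    for name, domains in parse_domains(CERTBOT_OUTPUT).items():
        for host in ("uppsala.support", "www.uppsala.support", "a.b.uppsala.support"):
            print(name, host, "covered" if covered(domains, host) else "NOT covered")
```
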

Thank you. It seems like it was a cache issue.

On Fri, 28 May 2021 at 10:45, Osiris via Let's Encrypt Community Support <letsencrypt@discoursemail.com> wrote:

