Nginx .support tld

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
certbot certonly --server --manual --preferred-challenges dns -d -d *

It produced this output:

  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your cert will expire on 2021-08-25. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt:
    Donating to EFF:

My web server is (include version):
The operating system my web server runs on is (include version):
nginx/1.18.0 (Ubuntu)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

I did a cert for * first and then I remembered i had to do one for as well and extended the first one and restarted nginx. Now I have security issiues with three different browsers. The certificate still refers to the * one, even tho certbot certificate looks like this:

certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name:
Domains: *
Expiry Date: 2021-08-25 19:31:48+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

It's the same location as the first one so one would think it would work?

Currently, I'm seeing the correct certificate installed at the one with both * and in the SAN extension.

However, I can't test for any subdomain, as it seems there are no subdomains registered in your DNS. So fails with a DNS error.


Thank you. It seems like it was a cache issue.

Den fre 28 maj 2021 10:45Osiris via Let's Encrypt Community Support <> skrev:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.