One Certificate for 1 domain and 2 subdomain


#1

I have a little confusion here.
My scenario is like:
I have a public domain say example.com and in my environment i need 3 certificates, 1 for example.com, 2nd for abc.example.com and 3rd def.example.com where “abc.example.com” and “def.example.com” are my 2 subdomains.
Also, for subdomains i need JKS certs.
According to this scenario can anyone please suggest that should i go for SAN certificates by mentioning multiple -d parameters in single command or should i take wildcard certificate?
Also, if i am taking SAN cert by mentioning multiple -d parameters, will letsencrypt will verify all 3(domains & subdomains)?
Would appreciate any help here, Thanks in Advance.


#2

If you take a wildcard certificate *.example.com, you need to add the domain example.com to the certificate, because a wildcard is valid only for one level (not for a.b.example.com or example.com). And the wildcard impose a DNS challenge.

Yes, if you use a SAN certificate for example.com abc.example.com and def.example.com you’ll need to validate tree challenges.

PS: you posted in the “Help in French” category, was it a mistake?