Problem with specific domain

Hi guys
My domain is: hp-web-dev01.transer.com
and my domain generates many sub links, so I thought I need a wildcard.
I successfully encrypted with the wildcard *.hp-web-dev01.transer.com
The SSL is OK with hptest.hp-web-dev01.transer.com
but for some domains it’s not working, like: www.pref.yamanashi.jp.img.yamanashi.hpstage.hp-web-dev01.transer.com
https://community.letsencrypt.org/t/does-wildcard-certificate-support-wildcards-with-www/86653/4
Following the answer in this topic, I encrypted for each link but had the issue with the 64bit long domain.
So what should I do now with links like this, with Let’s Encrypt or any other tool?
Thanks for reading.

1 Like

Wildcard doesn’t mean you can make the name as long as you like.
It will NOT cover names that include another period (to the left).

That is, the wildcard name and the wildcard have to have the same number of periods.
Your wildcard has 3 periods.
Your test name has 9 periods.

1 Like

Hi sir @rg305
Yes, after reading the link I posted I knew it, but now I’m asking for any other solution if the wildcard is not working, and even encrypting 1 link with the command: certbot-auto certonly -d
is still not working because it’s too long, 64bit-long issue

First, for 1990s technical reasons, your certificate needs to have at least one name that is 64 characters or shorter. You can have other names that are longer.

Second, wildcards only cover one “level” of name. A certificate for *.example.com matches xyz.example.com but not x.y.z.example.com.

(Third, Let’s Encrypt limits the number of dots. Fortunately, you don’t have too many.)

So, to match www.pref.yamanashi.jp.img.yamanashi.hpstage.hp-web-dev01.transer.com, you either need www.pref.yamanashi.jp.img.yamanashi.hpstage.hp-web-dev01.transer.com itself, or *.pref.yamanashi.jp.img.yamanashi.hpstage.hp-web-dev01.transer.com.

But those are both too long.

You could, for example, get a certificate for *.hp-web-dev01.transer.com and *.pref.yamanashi.jp.img.yamanashi.hpstage.hp-web-dev01.transer.com, because one of them is short enough.

3 Likes

Add one shorter name first.
Each cert can have 100 names on it.

2 Likes
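The rules given in the replies above (a wildcard covers exactly one label, at least one name must be 64 characters or shorter, at most 100 names per certificate) can be checked before requesting a certificate. This is an added example, not code from the thread or from Let's Encrypt; the function names are hypothetical and the limits are the ones stated in the replies.

```python
"""Pre-flight check for a certificate name list (added example)."""

MAX_CN_LEN = 64   # "at least one name that is 64 characters or shorter"
MAX_NAMES = 100   # "Each cert can have 100 names on it"


def covers(cert_name: str, host: str) -> bool:
    """True if cert_name (exact or wildcard) matches host.

    A leading "*" stands for exactly one label, never several.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False  # different number of periods: cannot match
    if cert_labels[0] == "*":
        return bool(host_labels[0]) and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def wildcard_for(host: str) -> str:
    """The only wildcard that can cover host: replace its leftmost label."""
    return "*." + host.split(".", 1)[1]


def check_request(names, hosts):
    """Return a list of problems with requesting `names` to serve `hosts`."""
    problems = []
    if len(names) > MAX_NAMES:
        problems.append(f"{len(names)} names exceeds {MAX_NAMES}")
    if not any(len(n) <= MAX_CN_LEN for n in names):
        problems.append(f"no name of {MAX_CN_LEN} characters or fewer")
    for h in hosts:
        if not any(covers(n, h) for n in names):
            problems.append(f"{h} not covered; needs {h} or {wildcard_for(h)}")
    return problems


# Names taken from the thread.
BASE = "*.hp-web-dev01.transer.com"
SHORT = "hptest.hp-web-dev01.transer.com"
DEEP = "www.pref.yamanashi.jp.img.yamanashi.hpstage.hp-web-dev01.transer.com"

if __name__ == "__main__":
    for names in ([BASE], [DEEP], [BASE, wildcard_for(DEEP)]):
        print(names, "->", check_request(names, [SHORT, DEEP]) or "OK")
```

Only the third name list passes: the short wildcard satisfies the 64-character rule and the second wildcard covers the deep name.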
