I have a demo ASP.NET Core application hosted at https://pgapartments.rajnarayanan.com, and a Let's Encrypt SSL certificate for that subdomain is installed. I also have a separate working Let's Encrypt SSL cert for the root domain, rajnarayanan.com. All is fine, but typing in just any subdomain like blah.rajnarayanan.com shows a "Your connection is not private" privacy error page with the error: "NET::ERR_CERT_COMMON_NAME_INVALID". Then, clicking on the advanced button and then the "Proceed to blah.rajnarayanan.com" link takes me to the blah.rajnarayanan.com page with a "Not Safe" indication where the SSL padlock would usually be. And it actually shows the contents of the pgapartments.rajnarayanan.com subdomain site. How can I prevent this from happening?
I thought maybe my A and CNAME DNS records might be misconfigured but I think they seem alright, as far as I know. But they could be misconfigured all the same.
BTW, I tried to install a Let's Encrypt wildcard SSL cert, but it was a pain in the neck. I simply couldn't get past the step of adding the specified DNS record and continuing the setup process.
Remove this and you'll be fine: *.rajnarayanan.com. 3599 IN CNAME rajnarayanan.com.
Either specify the CNAMEs of your subdomains individually or you'll have to gracefully handle all the unspecified ones in your webserver configuration.
The host/name of the TXT record for *.rajnarayanan.com should be _acme-challenge.rajnarayanan.com. This is the same host/name of the TXT record for rajnarayanan.com. They will have different values though, which will be specified by your ACME client.
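To make the answer's three points concrete, here is a small Python model added by the editor (it is not code from the thread or from any ACME client): a constructed zone with and without the wildcard CNAME, a simplified resolver that follows CNAMEs and wildcard owners, an RFC 6125 style check of a hostname against a certificate's SAN list, and the DNS-01 TXT owner name for an identifier. The zone records, the 192.0.2.x address and the SAN list are assumptions; the model also assumes, as the question observed, that the server presents its default site's certificate for any hostname it has no dedicated TLS binding for.

```python
# Added example, not from the thread: why a wildcard CNAME turns every
# typo subdomain into a certificate error, and the name rules behind it.
from typing import Optional

# Constructed zone in (owner, type, rdata) form; 192.0.2.x is a documentation range.
ZONE_WITH_WILDCARD = [
    ("rajnarayanan.com.", "A", "192.0.2.10"),
    ("pgapartments.rajnarayanan.com.", "CNAME", "rajnarayanan.com."),
    ("*.rajnarayanan.com.", "CNAME", "rajnarayanan.com."),  # the record the answer removes
]
ZONE_FIXED = [r for r in ZONE_WITH_WILDCARD if not r[0].startswith("*.")]

# Assumption: with no binding for the requested name, the server presents the
# default site's certificate, which only names pgapartments (constructed SAN list).
DEFAULT_SITE_SANS = ["pgapartments.rajnarayanan.com"]


def _fqdn(name: str) -> str:
    return name.lower().rstrip(".") + "."


def resolve(name: str, zone, max_hops: int = 8) -> Optional[str]:
    """Follow CNAMEs to an A record and return its address; None means NXDOMAIN.
    Wildcard handling is simplified RFC 1034: '*.x.' answers for any name
    below x that has no record of its own (closer-encloser rules are ignored)."""
    name = _fqdn(name)
    for _ in range(max_hops):
        records = [r for r in zone if r[0] == name]
        if not records:
            labels = name.split(".")[1:]  # drop the leftmost label
            for i in range(len(labels) - 1):  # try each ancestor, nearest first
                wildcard = "*." + ".".join(labels[i:])
                records = [r for r in zone if r[0] == wildcard]
                if records:
                    break
        if not records:
            return None
        rtype, rdata = records[0][1], records[0][2]
        if rtype == "A":
            return rdata
        name = _fqdn(rdata)  # CNAME: continue with its target
    return None


def cert_covers(hostname: str, sans) -> bool:
    """RFC 6125 style match: exact name, or '*' standing for exactly one leftmost label."""
    host = hostname.lower().rstrip(".")
    for san in sans:
        san = san.lower().rstrip(".")
        if san == host:
            return True
        if san.startswith("*."):
            first, _, rest = host.partition(".")
            if first and rest == san[2:]:
                return True
    return False


def browser_outcome(hostname: str, zone, presented_sans) -> str:
    """What the user sees: NXDOMAIN, a padlock, or the name-mismatch error from the question."""
    if resolve(hostname, zone) is None:
        return "NXDOMAIN"
    return "OK" if cert_covers(hostname, presented_sans) else "ERR_CERT_COMMON_NAME_INVALID"


def acme_challenge_name(identifier: str) -> str:
    """DNS-01 TXT owner name: the '*.' is dropped, so the apex and its wildcard share one name."""
    base = identifier.lower().rstrip(".")
    if base.startswith("*."):
        base = base[2:]
    return "_acme-challenge." + base


if __name__ == "__main__":
    for zone_name, zone in (("with wildcard CNAME", ZONE_WITH_WILDCARD), ("wildcard removed", ZONE_FIXED)):
        for host in ("pgapartments.rajnarayanan.com", "blah.rajnarayanan.com"):
            print(f"{zone_name:20} {host:32} -> {browser_outcome(host, zone, DEFAULT_SITE_SANS)}")
    print("TXT owner for *.rajnarayanan.com :", acme_challenge_name("*.rajnarayanan.com"))
    print("TXT owner for rajnarayanan.com   :", acme_challenge_name("rajnarayanan.com"))
    print("*.rajnarayanan.com covers a.blah.rajnarayanan.com?",
          cert_covers("a.blah.rajnarayanan.com", ["*.rajnarayanan.com"]))
```

With the wildcard CNAME present, blah.rajnarayanan.com resolves and then fails the certificate check; with it removed the same name is NXDOMAIN, which is the trade the comment below points out. The `cert_covers` check also shows why a wildcard certificate is not a complete substitute: `*.rajnarayanan.com` covers one label, so neither the apex nor deeper names like a.blah.rajnarayanan.com match it.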
Curious definition of "fine" you have. Substitute a (valid!) certificate error with a DNS NXDOMAIN error.
Perhaps I don't grasp the actual issue here, but isn't the answer to this not just "Don't enter random and non-functional hostnames in the address bar of your browser."?
Removing the wildcard "*.rajnarayanan.com" CNAME DNS record fixed it. I had a feeling that this was the culprit. Thanks.
"Don't enter random and non-functional hostnames in the address bar of your browser." -- Well I'm just a curious guy and very thorough in everything. So I just happened to test it with a non-functional subdomain.