Question on wildcard and multiple domains

I generated a wildcard certificate using the below command:

certbot certonly \
--dns-linode-propagation-seconds 1000 \
-d * -d

This works without any problem.

I have another domain hosted on the same server, I issued the same above command for domain2 and created another wildcard certificate without any error. But, this certificate for doesn’t work properly.

SSLlabs check says “Certificate name mismatch. Try these other domain names (extracted from the certificates): is the hostname of the server in /etc/hosts file. It seems to me that if I need a wildcard certificate for, I should add a hostname, to /etc/hosts file. Is it the correct way of solving this problem? Or do I need to do anything else?

Thanks in advance.

You need to understand SNI and how your web server applies specific names to individual virtual hosts.
Each host should have a specific (non-overlapping) set of name(s) it will serve.
When an exact name match is NOT found the default virtual host config is used.
So I guess you don’t have a host for domain2 and domain1 is the default.
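To make the vhost-selection point concrete, here is an added example (not from this thread or from certbot) that simulates how an SNI-aware web server picks a virtual host for the requested name and whether the certificate that vhost presents actually covers it; the domain names are constructed placeholders.

```python
# Added example: simulate SNI virtual-host selection and certificate name checking.
# Hostnames such as domain1.test / domain2.test are constructed placeholders.
from dataclasses import dataclass


@dataclass
class VHost:
    names: list       # ServerName / ServerAlias entries (exact names only here)
    cert_sans: list   # SubjectAltName entries of the certificate this vhost serves


def san_matches(san: str, host: str) -> bool:
    """Match one SAN entry against a hostname using RFC 6125 wildcard rules:
    '*.domain1.test' covers 'www.domain1.test' but NOT 'domain1.test'
    and NOT 'a.b.domain1.test' (a wildcard spans exactly one label)."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return san == host


def select_vhost(vhosts: list, sni_name: str) -> VHost:
    """Return the first vhost whose names contain the SNI name; if none
    matches, fall back to the default vhost (the first one configured),
    which is the behaviour described in the reply above."""
    for vh in vhosts:
        if any(n.lower() == sni_name.lower() for n in vh.names):
            return vh
    return vhosts[0]


def check(vhosts: list, sni_name: str):
    """Return (cert_covers_name, sans_presented) for a given SNI name."""
    vh = select_vhost(vhosts, sni_name)
    covered = any(san_matches(s, sni_name) for s in vh.cert_sans)
    return covered, vh.cert_sans


# Constructed config mirroring the thread: domain1 has a vhost and a wildcard
# cert; domain2's cert exists on disk but no vhost references it yet.
DOMAIN1 = VHost(names=["domain1.test"], cert_sans=["*.domain1.test", "domain1.test"])
DOMAIN2 = VHost(names=["domain2.test"], cert_sans=["*.domain2.test", "domain2.test"])
BROKEN_CONFIG = [DOMAIN1]            # default vhost serves domain1's cert for everything
FIXED_CONFIG = [DOMAIN1, DOMAIN2]    # domain2 now has its own vhost and cert

if __name__ == "__main__":
    for name in ("www.domain1.test", "mail.domain2.test"):
        print(name, check(BROKEN_CONFIG, name), check(FIXED_CONFIG, name))
```

Running it shows the SSL Labs symptom from the thread: with only domain1's vhost, a request for a domain2 name is answered with domain1's certificate, so the name does not match until domain2 gets its own vhost.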

Thank you for your hints.

A close look shows that my problem lies somewhere else. My new domain is SSLLabs report that my new domain has a certificate name mismatch with Yes, also belongs to me, but resides on a different server with different IP. On top of this, a hostname of doesn’t exist in DNS records.

I scanned new server to check if exists anywhere in /etc folder. And it found it in /etc/letsencrypt/accounts/

So, thinking that I mis-typed domain name while creating cert, I revoked and deleted certificates for Also, deleted all /etc/letsencrypt folder. Then, successfully created wildcard certificate again for

To my dismay, checking SSLLabs gives the same error again. Common name and SAN for is still

Probably, I made a mistake and stuck with which doesn’t even exist. How can I get rid of it? Or is it just a propagation delay like DNS records?

Please don’t revoke certificates for these reasons - just delete them.

That problem is within your web server.
Again, you need to understand SNI …
[read my first post]

But, doesn’t even exist anywhere. At least, I can’t find how LE process invented and inserted it in the process from nowhere?

I am not an expert, but has nothing to do with web server. All the other subdomains (* work without any problem with the webserver. Problem is with mail subdomain which of course has no virtual host entry for apache conf.

Hi @sse450

you have installed the wrong certificate. If you have created such a certificate, you can use it with the wrong domain name. That’s what you are doing.

Install the correct certificate (or create one and install it).

Many thanks for taking time to support.

I created with “-d * -d” using dns-01 challenge. Everything works with as long as “subdomain” is defined with an A record. Only, is not working as it clashes with

Now, I am creating explicitly Let’s see what will happen.

Spoke too soon. not working as well. OK. So, I understand that the cert is wrong. I revoked and deleted all the existing certificates. And created again. But, LE created the new certificates with the same date of deleted certificates. It has the same problem.

How can I create a fresh new certificate with new date?

