Quick question about SAN for a Wildcard SSL cert

Hello. My domain is traveltek.net. We have a wildcard which you can see on a site such as here,

fusion.traveltek.net

I'll attach a screenshot of the SAN details. It only covers *.traveltek.net

I am actually wondering if it's possible to also create a SAN on this cert which covers just traveltek.net as well.

The command we have in our automaton for auto renewing this wildcard looks like this,

/usr/bin/certbot certonly --dns-route53 --email domains@traveltek.net -d *.traveltek.net --agree-tos --non-interactive --preferred-chain "ISRG Root X1"

We are running Certbot version certbot 1.32.2 on Ubuntu 20.04.5 LTS

Would changing our script to this do the job?

/usr/bin/certbot certonly --dns-route53 --email domains@traveltek.net -d *.traveltek.net -d traveltek.net --agree-tos --non-interactive --preferred-chain "ISRG Root X1"

Thanks.

Yes, it should. You could even add --dry-run to test with the staging system and not disturb your production certs.

If --dry-run works then just remove it to get the production cert.

3 Likes

Thanks very much! :slight_smile:

3 Likes