[resolved] Letsencrypt refuses to generate a wildcard certificate


#1

I cannot get letsencrypt to give me a wildcard certificate. I request a certificate for *.mutablemango.com and mutablemango.com and it’ll give me a certificate for www.mutablemango.com and mutablemango.com. I tried the same command I provided below on a different domain (joelcherney.com) and it worked. It gave me a certificate for joelcherney.com and *.joelcherney.com. I stupidly rate limited myself on the mutablemango domain but have switched to testing on the staging server where I’m running into the same issue. (https://acme-staging-v02.api.letsencrypt.org/directory) At this point I have no idea why letsencrypt refuses to give me a wildcard domain. Can anyone provide any guidance?

My domain is: mutablemango.com

I ran this command: certbot certonly -d mutablemango.com -d *.mutablemango.com --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

It produced this output: Certificate Name: www.mutablemango.com mutablemango.com

My web server is (include version): nginx version: nginx/1.12.2

The operating system my web server runs on is (include version): Linux 4.15.2-2-ARCH

My hosting provider, if applicable, is: self hosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Do you happen to have a file or subdirectory named www.mutablemango.com in the directory where you’re running the command?


#3

Everybody writing documentation, please always put wildcard examples in quotes!


#4

Yes! Looks like I backed up the www.mutablemango.com directory in my home directory some time back. After switching directories to /tmp the wildcard certificate generated without a problem. Thank you so much for your help!

If you don’t mind me asking, why does this affect generating a new certificate?
I figured it out. (took me longer than I’d ever want to admit) The *.mutablemango.com changes to www.mutablemango.com. Thus schoen’s response. I figured I’d leave the question and my own answer here so that others who have this same problem might find the answers they need. :slight_smile: Thanks all!


#5

The * in the certificate wildcard (including the use of that symbol) is directly inspired by Unix shell wildcards.

The Unix shell wildcards also still work in the Unix shell and still have their original meaning there. :slight_smile:
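
The expansion described in posts #4 and #5, as an added example that is not part of the original thread. It uses example.com, a temporary directory and a hypothetical `show_args` function standing in for certbot (all constructed) to show which arguments the program actually receives in each case.

```shell
#!/bin/sh
# Added example. example.com, the temp directory and show_args are constructed
# stand-ins; show_args plays the role of certbot receiving its arguments.

# Print each argument exactly as the invoked program receives it, one per line.
show_args() {
    for arg in "$@"; do
        printf '%s\n' "$arg"
    done
}

# expand_in_dir DIR MODE
# Run the command line from inside DIR with the wildcard either unquoted or quoted.
expand_in_dir() {
    (
        cd "$1" || exit 1
        case $2 in
            # Unquoted: the shell matches the pattern against file names in DIR
            # before show_args ever runs.
            unquoted) show_args -d example.com -d *.example.com ;;
            # Quoted: the pattern is passed through as a literal string.
            quoted)   show_args -d example.com -d '*.example.com' ;;
        esac
    )
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
mkdir -p "$workdir/with_backup/www.example.com"  # like the backed-up directory in the home dir
mkdir -p "$workdir/empty"                        # like /tmp, nothing matches the pattern

echo "unquoted, matching directory present:"
expand_in_dir "$workdir/with_backup" unquoted
echo "unquoted, nothing matches (sh/bash default leaves the pattern as typed):"
expand_in_dir "$workdir/empty" unquoted
echo "quoted, matching directory present:"
expand_in_dir "$workdir/with_backup" quoted
```

Only the first case hands the program `www.example.com` in place of the wildcard, which is why the same unquoted command behaved differently depending on the working directory.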

