SAN with redundant names

Hi all for a pilot of Teams Direct routing we would like to test the TLS handshake with Office365 with our Audiocodes SBC where we want install a Let'sEncrypt "wildcard certificate".
Our needs are this:
CN must be *.icsc.it

  1. SAN must be: sbc.icsc.it
  2. SAN must be: *.icsc.it

It's this possible with Let'sEncrypt ?

Thanks in advance
[redacted]@outlook.com
[redacted]@sostentamentoclero

2 Likes

Welcome to the Let's Encrypt Community, Andrea! :slightly_smiling_face:

In my experience, Let's Encrypt will not issue certificates containing redundant SANs.

8 Likes

Thanks Griffin, I've searched other similar requests and I've got the same. I've to go to other vendors.. Regards.

4 Likes

To prevent spam, you should edit your email address out of your original post.

7 Likes

Thanks for the advice :slight_smile: ...I've lot of spam checks that help me! :wink:

5 Likes

Although I do believe you can get a cert with both "sbc.icsc.it and *.icsc.it" from LE, I don't think you can specify which of the two would occupy the CN field.
And it might not be the way you wanted it.

If you can front-end the service, it might be possible to use the certs separately and simply proxy both to the wildcard back-end.

8 Likes

I just tried in the staging environment and got an error: Error creating new order :: Domain name "[redacted]" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request

But I must say you've piqued my curiosity as to why having only the wildcard name in there wouldn't be sufficient.

9 Likes

Now I'm having second doubts...
The overlap might prevent it; As shown by your error message @petercooperjr

7 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.