Subdomain Validation without WWW DNS Recod?


#1

Our web host requires the following DNS records are in place for proper Let’s Encrypt validation.
blog.vizergyit.com
www.blog.vizergyit.com

It seems odd that there is a requirement for www.blog.vizergyit.com when all we are concerned with is blog.vizergyit.com. They state this is a Let’s Encrypt requirement, but I’m not so sure. Can someone confirm?

My domain is: blog.vizergyit.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: SiteGround

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, cPanel 11


#2

Hi @egauk

this isn’t a Letsencrypt requirement.

You can get a certificate only with blog.vizergyit.com as domain name.

You don’t need a dns entry www.blog.vizergyit.com and you don’t need a running webserver www.blog.vizergyit.com.

If you use cPanel, there is a standard option to add www. But it’s possible to uncheck this.

And if you have cPanel, you should use this integrated solution.


#3

Hi @egauk,

As @JuergenAuer pointed out your host is misleading you. This isn’t a requirement from Let’s Encrypt, its a requirement of SiteGround’s own ACME implementation

I don’t know why they are telling customers that this is a Let’s Encrypt requirement. You aren’t the first person to come to the forums with this particular issue. If you have the chance, please provide feedback to your support agents that they are providing inaccurate information so that hopefully the agents can be educated with the correct answer going forward!

Thanks!


#4

Thank you @JuergenAuer and @cpu

I have been battling with SiteGround off and on for months concerning this. The initial verification works without the WWW DNS record, but the renewal will sometimes fail eventually causing the Let’s Encrypt cert to expire. Their answer has always been that the WWW record is required or it may not work and that it’s a Let’s Encrypt requirement. I agree that they are spreading poor information to their customers and making things more difficult than they should be.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.