The certificate is only valid for *.XX.duckdns.org

Hello, I successfully created a LE certificate using the DNS challenge for *.onthesunnysideofthestreet.duckdns.org. I used that for my Nextcloud instead of the normal challenge, because my ISP blocks forwarding of port 80 and 443 on my router. On the router I have exposed two other ports, which redirect to 80/443 on the inside network. Now, when I visit my site on onthesunnysideofthestreet.duckdns.org:PORT, Firefox gives out an error and says the certificate is not issued to onthesunnysideofthestreet.duckdns.org:PORT, but the certificate is only valid for *.onthesunnysideofthestreet.duckdns.org.
Is there a way not to get this error?

A certificate valid for *.onthesunnysideofthestreet.duckdns.org does not include onthesunnysideofthestreet.duckdns.org. The way wildcard matching works is that *.example.com matches foo.example.com and bar.example.com, but not example.com itself.

You can create a certificate which has "DNS Subject Alternative Names" for both the wildcard *.onthesunnysideofthestreet.duckdns.org and the base onthesunnysideofthestreet.duckdns.org domain name.

How exactly you do that depends on the client, but you should be able to ask it for both domains.

4 Likes
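The matching rule described in the answer above, as an added example (not code from the thread): a browser strips the port from the URL, takes the host name, and accepts the certificate only if one of its DNS Subject Alternative Names covers that host. A wildcard covers exactly one extra label, so `*.onthesunnysideofthestreet.duckdns.org` never covers the bare domain, and the fix is to list both names in the SAN. The SAN lists below are constructed to illustrate the two cases.

```python
"""Browser-style certificate name matching (RFC 6125 wildcard rules).

Added example, not from the original thread. Demonstrates why a certificate
whose only name is *.onthesunnysideofthestreet.duckdns.org is rejected for the
bare domain, and why adding the base name as a second DNS SAN fixes it.
"""
from urllib.parse import urlsplit

BASE = "onthesunnysideofthestreet.duckdns.org"

# Constructed SAN lists: what the asker had, and what the answer recommends.
WILDCARD_ONLY = ["*." + BASE]
WILDCARD_PLUS_BASE = ["*." + BASE, BASE]


def host_from_url(url: str) -> str:
    """The port is not part of the name a certificate is checked against."""
    return urlsplit(url).hostname


def name_matches(san_name: str, hostname: str) -> bool:
    """True if one certificate DNS name (possibly a wildcard) covers hostname."""
    san_name = san_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not san_name.startswith("*."):
        return san_name == hostname              # exact name, compared as a whole
    # A wildcard must be the entire leftmost label and stands for exactly
    # one label: *.example.com covers a.example.com, not example.com or a.b.example.com.
    suffix = san_name[1:]                        # ".onthesunnysideofthestreet.duckdns.org"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]
    return leftmost != "" and "." not in leftmost


def cert_covers(san_names, url_or_host: str) -> bool:
    """Browser check: does any SAN entry cover the host part of the URL?"""
    host = host_from_url(url_or_host) if "://" in url_or_host else url_or_host
    return any(name_matches(n, host) for n in san_names)


if __name__ == "__main__":
    url = f"https://{BASE}:8443/"
    print("wildcard only   :", cert_covers(WILDCARD_ONLY, url))        # False
    print("wildcard + base :", cert_covers(WILDCARD_PLUS_BASE, url))   # True
```

Running it shows the exact failure from the question (wildcard-only SAN rejected for the base name on any port) and that the same host is accepted once the base name is also in the SAN.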

Oh, I see. I should have created a certificate for onthesunnysideofthestreet.duckdns.org instead of the wildcard. (assuming I don't want to use sub names) Do I understand this right?

2 Likes

Yes, if you're visiting onthesunnysideofthestreet.duckdns.org, you do not want the wildcard. You only want the wildcard if you're visiting somethingelse.onthesunnysideofthestreet.duckdns.org.

4 Likes

That makes perfect sense. Thank you.

3 Likes
