There is no root domain in the wildcard certificate

My website: www.shirosaki-hana.fun
I have apply a wildcard certificate. But I find there is no root domainin the certificate. So if I visit the shirosaki-hana.fun ...

image708×514 16.9 KB

Yes, your wildcard certificate only covers subdomains. You need to also include shirosaki-hana.fun as a Subject Alternative Name (SAN). With certbot I believe this is done using certbot --expand -d *.shirosaki-hana.fun,shirosaki-hana.fun. Note that you will need to perform TXT validation for both identifiers which will mean your TXT record either has to hold two values or you need to validate one then move onto the other.

Now I have pass the TXT validation, but I have another trouble:

{
    “type”: “urn:ietf:params:acme:error:unauthorized”,
    “detail”: “Error finalizing order :: Order includes different number of names than CSR specifies”,
    “status”: 403 
}

I am confused about how to generate a CSR correctly.

How do you generate the CSR files?
[maybe someone can spot the needed modification to that step]

It would also help if we knew which ACME client software you are using. Not certbot?

OpenSSL

My Python program

Could you provide the complete command used?
Otherwise, my only response can be: You are using the right program.

Here are some instructions I found online on how to add the multiple names into CSR (SAN field):

I'm puzzled here.. What are you, in the grand scheme of things, trying to achieve? There are literally more than a dozen ACME clients out there. What's the reason why you're using OpenSSL to generate the CSR in combination with "[your] Python program", whatever that may be?

If that can be automated, then you are done
Cheers from Miami

#FreeCUBA

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.