Trying to create a Wildcard domain

Help
1

My domain is: nspeaks.com

I ran this command: sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d *.nspeaks.com

Ouput:
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: diary.nspeaks.com

Nginx 1.17.7

OS: Ubuntu 18.04.3

My hosting provider is: Digitalocean

I can login to a root shell on my machine: yes

No control panel

The version of my client is: Certbot 0.31.0

I am trying to generate a wildcard domain but am getting errors.

1 Like
2

Hi

that's not the error message of your command. diary isn't used in your command.

That output

happens if your command is incomplete or wrong. Looks like a missing -d flag.

But if you want to create a certificate with *.nspeaks.com, that certificate cant have the additional domain name diary.nspeaks.com`. A wildcard includes that.

You should add -d nspeaks.com, so your main domain is included.

1 Like
3

Actually. I have already several subdomains set up with their own Letsencrypt certificates. I was thinking of switching to Wildcard.

For some reason, certbot seems to have an issue with the diary subdomain only.

Adding -d nspeaks.com to the command didn’t help. Got the same output.

This is the nginx configuration of diary.nspeaks.com

server {
    server_name diary.nspeaks.com;

    root /var/www/diary/html/public;
    index index.html index.htm;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/diary.nspeaks.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/diary.nspeaks.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = diary.nspeaks.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name diary.nspeaks.com;
    listen 80;
    return 404; # managed by Certbot
}
1 Like
4

You should change ..

.. to ..

-d "*.nspeaks.com”

because it looks like your shell is expanding the asterisk, leading to multiple extra options which certbot doesn't understand.

Also including the main domain like @JuergenAuer says is also a good idea. But what I said here above should fix your problem.

2 Likes
5

Please share your complete command.

As written: Your command doesn't match to your error message. There is something wrong.

Or share the first part of the Letsencrypt log.

/var/log/letsencrypt/letsencrypt.log
1 Like
6

Why not? Perfectly possible if the asterisk isn't escaped somehow in Bash.

1 Like
7

There is no

diary.nspeaks.com

in the command. Or it’s invisible because of a wrong copy&paste.

1 Like
8

@JuergenAuer That’s probably because the directory where he ran the command contains something with diary.nspeaks.com. Because the asterisk in the command isn’t escaped with quotes, Bash will expand the asterisk if it can find matches in the current directory.

To learn more about this, see http://tldp.org/LDP/abs/html/globbingref.html

In 99.99 % of the use of the asterisk on the command line with certbot it doesn’t present a problem, because in 99.99 % of cases there isn’t a matching file name or directory in the directory from where certbot was ran. But I think this is one of the rare cases in which there is a file or directory messing up the command line b/c of an unescaped asterisk.

2 Likes
9

Ah, thanks, good to know.

1 Like
10
To illustrate the above: 
server tmp # mkdir certbot-bash-asterisk-test
server tmp # cd certbot-bash-asterisk-test/
server certbot-bash-asterisk-test # touch foo.example.com
server certbot-bash-asterisk-test # touch bar.example.com
server certbot-bash-asterisk-test # certbot certonly -d *.example.com
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: foo.example.com
server certbot-bash-asterisk-test #
2 Likes
11

Hi @nspeaks ,

You should try this for wildcard ssl

wget https://dl.eff.org/certbot-auto sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto sudo chmod 0755 /usr/local/bin/certbot-auto
$ /usr/local/bin/certbot-auto --help

Run as root user

certbot-auto certonly --manual -d *.yourdomain.com --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

For more detail :point_down: :point_down:

12

@inderpalsingh Why would you suggest using certbot-auto while @nspeaks has a relative recent version of certbot from Ubuntu (probably the PPA) installed? Using the PPA is exactly like the documentation tells you, the certbot-auto script is only an “emergency” backup!

Also, there is no reason to believe using the certbot-auto script fixes @nspeaks problem, as it isn’t a problem with certbot most likely.

13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.