About wildcards :
Today I succeded to put a certificate on *.mydomain.tld using the DNS manual check.
Doing so, I figured out that mydomain.tld wasn’t certified (all subdomains was).
So I tryed to expand the certificate to mydomain.tld to , still using the manual DNS check.
The problem is the « checking process » asks me to add two TXT DNS entries, I guess one for *.mydomain.tld and one for mydomain.tld .
I added both entries but of course the checking process fails because it detects a wrong entry…
If you added records "ABC" and "XYZ" and one of the validations failed saying "looked for record 'ABC', found record 'XYZ'" or whatever, that means only one of them existed. If both existed, it would have worked.
Are you sure you added both records? Are you sure the authoritative DNS servers were serving both records? Maybe it was necessary to wait a few minutes longer?
Yes, I’m sure I added both records. I’m gonna try again with a few more minutes between the adding TXT records and the checking, but i’m pretty sure it will fail again…
Just to be sure, with two records, we write it like that :
_acme-challenge.mydomain.tld. IN TXT “CHAIN_ONE”
_acme-challenge.mydomain.tld. IN TXT “CHAINE_TWO”
?
Well, as expected I tryied after ~30min and I got the same error :
Failed authorization procedure. mydomain.tld (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record “LuRzTwxtxL1S4jH-nkUCHxTnU0D3FrVjOj0cuZCPJwY” found at _acme-challenge.mydomain.tld
This record is the first one the checkin’ test asks to put.
In an other way to solve it, is it possible to add more than one SSLCertificateFile in a Apache Virtualhost ? It could do the trick (just have to create 2 certificates) but I suspect it’s not possible…
