Unable to add wildcard to existing cert - no Vhost was selected

Yes - we use a number of subdomains that share this code, such as calendar.hubsmp.com, etc.

I don't know exactly how Apache's virtualhost routing interacts with wildcards, although I think I'm about to learn more about that topic now that Let's Encrypt has started issuing them. Maybe someone else can help address this?

@hamlethub you do have other VirtualHost entries for your calendar, etc. correct? You just think you need a wildcard VirtualHost because certbot is telling you so, right?

I think the issue here is that certbot's autoconfigurator only works when there is one literal *.example.com VirtualHost, and is not presently designed to cover the use case of one wildcard covering many discrete subdomain VirtualHosts.

It is working correctly.

Even though I only have hubsmp.com and www.hubsmp.com in the "<Virtual Host…" (no wildcard) as noted above, subdomains are working correctly. So I am assuming that I do not need to put all the individual subdomains in the Virtual Host brackets.

My question was whether or not I could put "*.hubsmp.com" as a Server Alias in the Virtual Host declaration, but I do not believe that is necessary.

Thanks!

Typically you would need to do that to map, e.g. calendar.hubsmp.com to an actual calendar and not your main website at www.hubsmp.com. If there is some sort of proxy or application at www.hubsmp.com that detects if calendar.hubsmp.com is the hostname and returns the calendar instead then you indeed don't need them.

It would only be necessary if e.g. you also wanted to host a second *.hubsmp.net VirtualHost on the same server. If you only have one VirtualHost it acts as the default, and there is no need to explicitly list which domains it answers for.

I'm going to jump in as I worked on this just recently.
Looking at your site, seems like you already have got this working. That's good!

To shed some light on how Apache plugin handles the VirtualHost discovery for wildcard names, the current functionality is that it searches for any applicable names in your configuration files. For *.hubsmp.com wildcard, qualifying names would be: calendar.hubsmp.com and www.hubsmp.com but not january.calendar.hubsmp.com as wildcard certificates are only valid for the depth they're issued.

While Apache itself does not need any names in its VirtualHost configuration, the current functionality of Certbot Apache plugin wildcard certificate does. Having a ServerName or ServerAlias of anything.hubsmp.com in your configuration would have made it possible for Certbot to find the VirtualHost.

So to recap: Apache plugin wildcard name discovery does not currently support default (unnamed) Apache VirtualHosts, but instead requires at least one VirtualHost to have a qualifying name. This is something that we'll have to discuss how to address. At the very least, we can make the error message more informative in this regard.

Sorry that you were having problems with wildcard certificate installation, but it looks like everything should be in order now.

4 Likes
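
The name-matching rule described in the last reply, as an added example that is not part of the thread and is not Certbot's own code: it lists which VirtualHost blocks carry a ServerName or ServerAlias that a wildcard covers. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample config: a default vhost with no names (the situation
# in this thread) followed by a vhost that declares names.
SAMPLE_CONF = """\
<VirtualHost *:443>
    DocumentRoot /var/www/main
</VirtualHost>
<VirtualHost *:443>
    ServerName calendar.hubsmp.com
    ServerAlias january.calendar.hubsmp.com
    DocumentRoot /var/www/calendar
</VirtualHost>
"""

def vhost_names(conf):
    """Return one list of ServerName/ServerAlias values per <VirtualHost> block."""
    blocks = re.findall(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I)
    result = []
    for body in blocks:
        names = []
        for line in body.splitlines():
            parts = line.split("#", 1)[0].split()  # drop comments, tokenize
            if parts and parts[0].lower() in ("servername", "serveralias"):
                names.extend(p.lower() for p in parts[1:])
        result.append(names)
    return result

def covered_by(wildcard, name):
    """True if `name` sits exactly one label below the wildcard's base domain."""
    if not wildcard.startswith("*."):
        return wildcard.lower() == name.lower()
    base = wildcard[2:].lower()
    label, _, rest = name.lower().partition(".")
    return bool(label) and rest == base

def qualifying_vhosts(conf, wildcard):
    """Indexes of vhosts with at least one name the wildcard covers."""
    return [i for i, names in enumerate(vhost_names(conf))
            if any(covered_by(wildcard, n) for n in names)]

if __name__ == "__main__":
    # The unnamed default vhost (index 0) is never selected.
    print(qualifying_vhosts(SAMPLE_CONF, "*.hubsmp.com"))
```

A configuration that contains only the unnamed default block returns an empty list, which corresponds to the "no Vhost was selected" situation in the topic title.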
