Why the wildcard certificate shows NOT SECURE without the www


#1

I generated the wildcard certificates using this command for brutalrace.fr and desafiodeguerreros.com.es, look:

./certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d *.brutalrace.fr

and

./certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d *.desafiodeguerreros.com.es

I installed it and works fine entering in the browser URL: https://www.desafiodeguerreros.com.es or https://www.brutalrace.fr

BUT

When I enter https://brutalrace.fr it doesn’t work and the same for the other domain. Its suposed that is a wildcard certificate and should work for both options. Can you help?


#2

Hi @genialjacob,

A wildcard certificate for *.example.com isn’t valid for example.com. This is an unintuitive quirk of the underlying technology and is the same for wildcard certificates issued by another CA. The wildcard only covers subdomains of the main domain. If you want to use the certificate for the main domain as well it needs to include that name in addition to the wildcard.

You can fix this by getting a certificate for both brutalrace.fr and *.brutalrace.fr by changing your Certbot argument to specify both domains using -d brutalrace.fr -d *.brutalrace.fr. You’ll have to do similar with desafiodeguerreros.com.es and *.desafiodeguerreros.com.es.

Hope that helps!


#3

You got a certificate with the only name *.brutalrace.fr. This doesn’t work used by brutalrace.fr.

You need something like
certbot [other options] -d *.brutalrace.fr -d brutalrace.fr

Then you should get a certificate with two names - *.brutalrace.fr and brutalrace.fr.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.