Wild card and www

My domain is:
web-wallet.com

I ran this command:
sudo ./certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d web-wallet.com -d *.web-wallet.com -d \*.web-wallet.com

It produced this output:
all goes well

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 16.04.6 x64

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Command not found but I know it’s there… installed that way:
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x ./certbot-auto
$ sudo ./certbot-auto

Everything works without www; I can put any subdomain name:
https://mommy.web-wallet.com
https://toto.web-wallet.com
https://letsencrypt.web-wallet.com

etc… but as soon as I add the www I get:

# Your connection is not private

Attackers might be trying to steal your information from www.mommy.web-wallet.com (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_COMMON_NAME_INVALID

Thanks in advance for the help :slight_smile:

Hi @crashbdx

that's normal.

If you have a certificate *.web-wallet.com, it works only with subdomains. Not with subdomains of subdomains.

There is no

*.*.web-wallet.com

defined.

If you want to use www.mommy.web-wallet.com securely, you need a new certificate with that domain name. Or a wildcard

*.mommy.web-wallet.com

Hello, thanks a lot for this answer.
I tried with this:

sudo ./certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d web-wallet.com -d www.*.web-wallet.com -d *.web-wallet.com

But I get the following:

An unexpected error occurred:
The request message was malformed :: Error creating new order :: DNS name had a malformed wildcard label

Is there no way to make it automatic so I don't have to update for every future subdomain?
*.*.web-wallet.com
gives me an error as well because of more than one wildcard.

Thanks in advance :slight_smile:

doesn't exist and isn't defined.

Same.

You can't use one domain name with two * or with the * not in the first place.

OK, so I have to update the certificate and add each subdomain every time I create one, is that correct?

Yes. But is it really required to have the sub-subdomain www?

Main domain -> you should have a www.

But subdomains normally don't have an additional www version.

My own subdomain service uses *.server-daten.de (sample - the check-your-website.server-daten.de), but not www.check-your-website.server-daten.de.

There is no DNS entry defined -> so no certificate is required.

So add the subdomains manually in your DNS, not with a wildcard -> then the www subdomain doesn't exist.

Thanks for the info, I could just put a redirect from www to non-www for subdomains actually, I will go with this, thank you :slight_smile:
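
The wildcard rules given in the answers above (a `*` stands for exactly one label, and only as the whole leftmost label), as an added Python example that is not part of the original thread. The function names are hypothetical and the matching is simplified (ASCII names only, no public-suffix checks).

```python
"""Added example: which hostnames a certificate's name list covers."""


def labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def is_requestable(name):
    """True for a plain hostname or a name with one leading '*' label.

    Follows the rule stated in the thread: no '*' outside the first label,
    and the first label is either exactly '*' or contains no '*' at all.
    """
    parts = labels(name)
    if any(p == "" for p in parts):
        return False
    if any("*" in p for p in parts[1:]):
        return False
    if parts[0] == "*":
        return len(parts) > 1
    return "*" not in parts[0]


def covers(san, hostname):
    """True if one certificate name matches hostname (leftmost-label wildcard)."""
    s, h = labels(san), labels(hostname)
    if len(s) != len(h):  # '*' never spans more than one label
        return False
    if s[0] == "*":
        return s[1:] == h[1:]
    return s == h


def uncovered(sans, hostnames):
    """Hostnames that no certificate name matches (browser name-mismatch error)."""
    return [h for h in hostnames if not any(covers(s, h) for s in sans)]


# Names taken from the thread.
SANS = ["web-wallet.com", "*.web-wallet.com"]
HOSTS = ["web-wallet.com", "www.web-wallet.com",
         "mommy.web-wallet.com", "www.mommy.web-wallet.com"]

if __name__ == "__main__":
    for n in ["*.web-wallet.com", "www.*.web-wallet.com", "*.*.web-wallet.com"]:
        print(f"{n:24} requestable={is_requestable(n)}")
    print("not covered:", uncovered(SANS, HOSTS))
    print("with *.mommy added:", uncovered(SANS + ["*.mommy.web-wallet.com"], HOSTS))
```

Running `uncovered` over the hostnames you actually publish in DNS before requesting a certificate shows which names still need their own entry.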
