Wild card issue

I found an issue with the wild card SSL for the subdomain
if you type https://example.example.com it shows secure and works
but if you go to https://example.example.com/admin it shows not secure.
So it seems the Wild card SSL doesn't secure the whole site.
Has anyone else seen this issue if you did ou fix it.


TLS doesn't even know about the path (like /admin), so I think something else is wrong.

Could you share the exact error message, domain, and certificate you're using?


I have had other wildcards but never had this problem, there is no error message just this is not secure.

There is not much we can say without knowing the exact domain name

You could test your cert config using SSL Labs or a site like below. That might help you figure out if it is a cert issue or a server mis-configuration


You guys are missing understanding me the cert works, if you type in example.example.com/admin it will not show secure, but if you type in example.example.com show secure working. I have used Comodo certs in the past and never had this issue. and installed lots cert never had this issue with wildcard. I am only putting in example.example.com because you will not be able to access the site. It site behind the fire no outside access for not.

Can you maybe provide a screenshot? I have a hunch you may be dealing with Mixed content.


Screenshot from 2023-06-22 16-17-48
First works

Now I had Comodo cert installed on this site with no issue. Not mixed content I want to try the free SSL. This

Click the icon with the exclamation point and show the error message

Because if crm is the actual domain name you are trying then no Let's Encrypt cert will be valid for that request. LE only issues certs for valid public domain names and crm is not.


Yes you need to ensure that your system continues to use the full domain name and does not slip back to using the internal host name "crm". Your certificate only covers the domain, not internal names.


No error message. It does it with the full domain. Iooked at all of it.

So here the thing I had comondo certificate on here worked perfect. No issue same exact site. It doesn't matter if is short should work. crm.lillyleap.com it works. crm.lillyleap.com/wp-admin doesn't work. Had Comondo wild card cert works.

You haven't shown a screenshot of any error yet!

One thing to look out for is having a valid certificate but the website content is untrusted because it mixes http and https requests. Sites using https must use https for everything (stylesheets, js, images etc), this will be reported in the browser console/network tools.

Your screenshot with the https://crm/wp-login.php url clearly shows the hostname "crm" being used instead of the full domain. You cannot get a publicly trusted Domain Validated (DV) certificate for an internal hostname that's not a fully qualified name with a domain.


Okay I see was even pay attention to the URL, fixed UGh

There is another issue with your cert. But, you haven't shown an error yet so this is just something else to look at. Your wildcard cert from Let's Encrypt does not have the root name in it so is only good for subdomains of the root. Your prior wildcard certs from Sectigo and Comodo had both.

That is, the LE wildcard will work for names like crm.lillyleap.com and www.lillyleap.com but not for just lillyleap.com

None of those certs would work with a domain name of crm though as it won't match any name in the cert.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.