Wildcard and Multidomain SSL certificate with nginx


#1

I have two domains:
www.example.com
www.abc.in
Both point to the same IP. For one domain I have already configured a wildcard certificate; now I want to configure SSL for the other domain too. So is it possible to use one certificate for both domains?

That is, I earlier configured wildcard SSL for example.com:
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.example.com' --manual --preferred-challenges dns-01 certonly

Now I want to set up wildcard SSL for example.in as well, along with the earlier certificate. Can I do it using the existing certbot command, like this:

sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.example.in' --manual --preferred-challenges dns-01 certonly

Or is there any other solution to set up multidomain wildcard SSL for nginx?

Please help me out. Thanks in advance.


#2

Hi,

Simply run sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.example.com' -d '*.example.in' --manual --preferred-challenges dns-01

Adding more than one -d means the certificate would include more than one subject alternative domain name (which is a multidomain certificate).

Thank you


#3

I’m doing the same but it is giving an error:

Waiting for verification…
Cleaning up challenges
Failed authorization procedure. abc.in (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: query timed out looking up TXT for _acme-challenge.agamiecom.in

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: agamiecom.in
    Type: None
    Detail: DNS problem: query timed out looking up TXT for
    _acme-challenge.abc.in

The command I ran:
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d abc.in --manual --preferred-challenges dns-01 certonly
For example.com I already got the TXT record, so I’m running it only for abc.in. Or do I have to combine them and run for both together?

Thanks.


#4

If you want one certificate with both domains, you must include both domains and pass both validations.

https://unboundtest.com/m/TXT/_acme-challenge.agamiecom.in/MKK222YT

Your domain is having issues responding to queries due to misconfigured DNS settings.

When Let’s Encrypt queries your domain, dreamhost.in redirects to Cloudflare… and Cloudflare doesn’t provide an answer to the query, hence Let’s Encrypt timed out.

Is that expected behavior?

Do you mean to use Cloudflare as DNS provider (maybe as well as CDN)?

Thank you


#5

No, we do not want to use Cloudflare as DNS provider. For DNS, we are using Bluehost, and the hosting server is packet.net.

Should I delete the old certificate and reconfigure multidomain SSL for both domains together?

sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.example.com' -d 'example.com' -d 'example.in' --manual --preferred-challenges dns-01 certonly


#6

Hi,

That’s not the main issue…

The issue is you are having some misconfigurations for your domain… It always instructs users to connect to Cloudflare DNS resolvers…

Thank you


#7

Hi,

I have corrected our DNS misconfiguration, removed the old wildcard SSL certificate for the one domain, and tried to set up a multidomain wildcard SSL certificate. I’m still getting an error. The command and the error are below:

$ sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.abc.com' -d 'abc.com' -d 'example.in' --manual --preferred-challenges dns-01 certonly

Output:

Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. example.in (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.in

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: example.in
    Type: None
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.example.in

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

Thanks.


#8

Hi,

The misconfiguration issue seems to be resolved, however, could you please verify if you have the right domain?

(Run nslookup _acme-challenge.agamiecom.in on a Windows machine, or go to a text record testing site and try to pull the verification token as a text record from the required validation domain.)

Thank you


#9

I ran nslookup _acme-challenge.agamiecom.in on a Windows machine. It is replying with a local IP.
Please give a solution or reference link to set up a multidomain wildcard SSL certificate with nginx.


#10

Hi @abhishek2

this command

is wrong. Add a dot at the end. And it must be a TXT query. So:

nslookup -type=txt _acme-challenge.agamiecom.in.

But there is no entry, so (you use --manual) you have created the wrong dns entry (or the domain name is wrong).
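
An added example, not part of the thread and not Certbot's own code: a small shell helper that turns the `-d` values used above into the fully qualified `_acme-challenge` names to query (with the trailing dot and TXT type from post #10) and checks `dig +short TXT` output for the expected token. The function names and token values are constructed for illustration; it assumes `dig` is installed for the live check.

```shell
#!/bin/sh
# Pre-flight check for certbot --manual dns-01: work out which TXT names must
# exist and confirm a token is visible before pressing Enter in certbot.

# Map a name as passed to -d onto the fully qualified challenge name.
# '*.abc.com' and 'abc.com' both validate at _acme-challenge.abc.com, so that
# one name needs two TXT values when both are on the same certificate.
challenge_name() {
    name=${1#\*.}     # drop a leading wildcard label
    name=${name%.}    # normalise an existing trailing dot
    printf '_acme-challenge.%s.\n' "$name"
}

# Unique challenge names for a whole list of -d values.
challenge_names() {
    for d in "$@"; do challenge_name "$d"; done | sort -u
}

# Read `dig +short TXT` output on stdin; succeed only if one TXT value
# equals the token exactly. Empty output (NXDOMAIN, timeout) fails.
txt_has_token() {
    token=$1
    tr -d '"' | grep -qxF -- "$token"
}

# Live check (needs network and dig). Usage: check_live <domain> <token> [resolver]
# Pass one of the domain's authoritative name servers as the resolver to
# bypass local caches and split-horizon answers.
check_live() {
    dig +short TXT "$(challenge_name "$1")" ${3:+@"$3"} | txt_has_token "$2"
}

# Constructed sample: dig +short output when both tokens for '*.abc.com'
# and 'abc.com' are published (token values are made up).
SAMPLE_DIG_OUTPUT='"tokenA-constructed-0001"
"tokenB-constructed-0002"'
```

Run `challenge_names` with the same names given to certbot, publish the tokens certbot prints, and only continue once `check_live` succeeds for each name.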

