Wildcard Cert conflicts with MultiDomain Cert


#1

Hi all!

This is a picture of my situation:

I have a site hosted at SiteGround.co.uk (let’s call it wild.co.uk) using a wildcard certificate from letsencrypt.org. Then I created a new site for multiple domains, one of which includes a subdomain from wild.co.uk. For this second hosting I got a multidomain certificate (not from letsencrypt.org).
Now I’m getting an email from letsencrypt.org stating that the certificate for this particular subdomain is about to expire.

Should I worry about this?

Best regards,
Daniel


#2

I think there might be a crossed wire here - Let’s Encrypt doesn’t issue wildcard certificates.

If you are actively using the Let’s Encrypt issued certificate with a server then you will need to renew it or visitors to that server will encounter an error due to the expired status of the certificate.


#3

Ok,

so maybe the ‘wildcard’ is not really a wildcard but SiteGround actually issues a letsencrypt cert for every domain registered with them?

In which case I would supposedly have a letsencrypt cert for the subdomain as well as the multidomain certificate.

I never requested SiteGround to issue a certificate for this subdomain, and in any case this was done in the last couple of months; I don’t think a certificate should expire after so short a time.

So in your opinion, do I need to worry about any of my sites losing their certificate validity?

Best regards and thanks so much for your time


#4

Aha! That makes more sense! Thank you.

I’m not sure I understand completely. Could we talk in more concrete terms? Perhaps you could share the list of domains you are worried about, and the list of domains that were included in the body of the expiration warning email you received. With those we can probably clear this up faster.


#5

Ok,
the domain I have registered with SiteGround is garmentprinting.co.uk.

The subdomain in question is payment.garmentprinting.co.uk (actually also www.payment.garmentprinting.co.uk, but I don’t really use this one, only the former).

This is the actual content of the Let’s Encrypt mail:

From: expiry@letsencrypt.org
Subject: Let’s Encrypt certificate expiration notice
Date: 11 August 2016 at 12:00:43 CEST

Hello,

Your certificate (or certificates) for the names listed below will expire in 19 days (on 31 Aug 16 08:41 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

payment.garmentprinting.co.uk
www.payment.garmentprinting.co.uk

For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can’t provide support by email.

This payment.garmentprinting.co.uk, along with pago.garmentprinting.es, is currently using the MultiDomain certificate I spoke of, not any letsencrypt certificate.

Best regards and again many thanks


#6

Is Let’s Encrypt supporting wildcards now? When I searched for this topic I only got a bunch of results saying that they do not and then this thread.

Can someone clarify and point to a link that explains how to install wild card certs if they’re available?


#7

As cpu said in his first response, it doesn’t seem like it … it was probably a misunderstanding of mine due to the fact that my hosting provider didn’t ask me if I needed a certificate for the newly registered subdomain and requested one anyhow (this is also a speculation of mine, I’m not sure how the certificate got issued at all).
Best regards


#8

Missed that. Thanks for the update.


#9

Thanks! This makes things much clearer.

Gotcha - I definitely also see a GoDaddy issued certificate when I visit these websites over TLS and not a Let’s Encrypt issued certificate.

So it looks like there were two Let’s Encrypt certificates that have been issued with some of your domain names. The first, the one that you are being emailed about, is https://crt.sh/?id=20776952 and covers two domains: [ www.payment.garmentprinting.co.uk, payment.garmentprinting.co.uk ] - it will expire Aug 31st.

The second, https://crt.sh/?id=21322813 covers two domains: [ pago.garmentprinting.es, payment.garmentprinting.co.uk ] - it will expire Sept 5th and you will likely receive a warning email for it too in the next few days.

If you didn’t issue either of those two Let’s Encrypt certificates (perhaps your hosting provider did it automatically) then it should be safe to ignore the email. It appears like you are only using your GoDaddy issued certificate and so the expiration will not affect you.

Hope that helps clear things up!
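
The check described in the reply above (is the certificate named in the expiry notice the one the server actually presents?) can be scripted. This is an added example, not part of the original thread: the function names, the sample certificate, its issuer name and both serial numbers are constructed for illustration, and the expiring certificate's serial is assumed to be copied from its certificate transparency log entry.

```python
import socket
import ssl

def served_cert(host, port=443, timeout=5.0):
    """Fetch the leaf certificate a live server presents (requires network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def issuer_org(cert):
    """Extract organizationName from getpeercert()'s nested issuer tuples."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def same_serial(a, b):
    """Compare hex serials ignoring case, colons and leading zeros."""
    norm = lambda s: s.replace(":", "").lstrip("0").upper()
    return norm(a) == norm(b)

def assess_notice(served, expiring_serial, now):
    """Decide whether an expiry notice concerns the certificate in use.

    Returns (verdict, issuer organization, whole days until the served
    certificate expires). `now` is epoch seconds.
    """
    days = int((ssl.cert_time_to_seconds(served["notAfter"]) - now) // 86400)
    if same_serial(served["serialNumber"], expiring_serial):
        return ("renew", issuer_org(served), days)
    return ("ignore", issuer_org(served), days)

# Constructed sample in getpeercert() format; names, serials and dates are made up.
SAMPLE_SERVED = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Commercial CA"),),),
    "serialNumber": "00A1B2C3D4E5F6",
    "notAfter": "Jun  1 12:00:00 2017 GMT",
    "subjectAltName": (("DNS", "payment.example.test"),),
}
NOTICE_SERIAL = "03:ab:cd:ef:01:23:45"  # constructed serial of the expiring cert

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Aug 11 10:00:00 2016 GMT")
    print(assess_notice(SAMPLE_SERVED, NOTICE_SERIAL, now))
```

Against a live site, pass `served_cert("your.hostname")` as the first argument, and repeat the check for every hostname listed in the notice, since each name may be served by a different certificate.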


#10

Thanks, cpu!!

It is pretty much what I thought at first, just wanted a second opinion to be sure.

Best regards!!

