Wildcard Cert for multiple sub domains?

Just a simple question. How to create a wildard cert that covers all of my sub domains.
My system is an Ubuntu 18.04 server mydomain.us, running v3.0 LXD. I have multiple LXD containers. I also have a constainer hosting HAproxy. The host uses port (80, 443 and others) forwarding to HAproxy. HAproxy forwards to the containers based on subdomain such as test.mydomain.us.

My question is how to create a single cert that applies to all subdomains and where to create it…in the host or in the HAproxy container? I hope my description makes sense?

Thanks,

Ray

If you mean that you want one single cert to cover, as an example:

*.sub1.your.domain
*.sub2.your.domain
*.sub3.your.domain
...
*.sub99.your.domain

Yes, that can be done.
The hard limit is that a single cert can only have 100 entries in it.
So you won’t be able to put 101 or more into one single cert.

To answer you question:

There is only one way: Using DNS authentication.
Which means you will need an ACME client as well as a DNS service provider that supports it.

Now to:

That can mostly be a matter of preference or maybe security concerns.
If you handle all of the systems affected, then you should be able to make such an executive decision.
I would do it on the closest device to the Internet.
Preferably a proxy and just proxy all the requests to their respective end points.
[possibly via HTTP internally - if that is not an issue]

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.