Thanks for the reply,
Web Services SSL Certs are handled by two Load Balancers; Wildcard Certificates will be handled on the Load Balancers.
Mail Services will have an SSL Certificate on the backend for SMTP 587 & 993. The question is: can I have two wildcard certificates on both Load Balancers as well as on the backend Mail Server? mx1, mx2?
The reason why: I have configured BIND9 to allow domain.uk & *.domain.uk, which works perfectly fine, but the issue I have is that I am trying to figure out how to add support for subdomains within the /var/lib/bind/db._acme-challenge.domain.uk zone. When I try to generate an SSL Certificate for subdomains I get a SERVFAIL.
Ideally I want a Wildcard on the Load Balancers to serve services with a wildcard, and an SSL Certificate on the mail server side for smtp.domain.uk, imap.domain.uk and mail.domain.uk, but I can't seem to figure out how to add subdomains to the zone. The API with BIND works with generating wildcard SSL Certs and subdomains, so I know it's not that.
Here is an example of the zone I have. This works perfectly fine for generating Certificates for domain.uk & *.domain.uk.
$ORIGIN _acme-challenge.domain.uk.
$TTL 43200 ; 12 hours
@       IN SOA  ns1.domain.uk. noc.domain.uk. (
                2025012606 ; serial
                28800      ; refresh (8 hours)
                7200       ; retry (2 hours)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
        IN NS   ns1.domain.uk.
        IN NS   ns2.domain.uk.
So I then added the following to the zone for the subdomain, but it still doesn't seem to work.
$ORIGIN _acme-challenge.domain.uk.
$TTL 43200 ; 12 hours
@       IN SOA  ns1.domain.uk. noc.domain.uk. (
                2025012606 ; serial
                28800      ; refresh (8 hours)
                7200       ; retry (2 hours)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
        IN NS   ns1.domain.uk.
        IN NS   ns2.domain.uk.
smtp    IN TXT  ""
I've got it partially working but not with subdomains.
Regards
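
An added example, not part of the original post: under RFC 8555 DNS-01, the TXT record for an identifier is looked up at `_acme-challenge.<name>`, with a leading `*.` stripped first. The sketch below derives that name for each hostname mentioned in the post and checks whether it lies inside the zone `_acme-challenge.domain.uk.`; the helper names are hypothetical.

```python
# Added example: where DNS-01 validation records live relative to a zone.
# Hostnames and the zone name come from the post; helper names are hypothetical.

def validation_name(identifier: str) -> str:
    """Return the DNS-01 TXT owner name for an ACME identifier (RFC 8555, 8.4)."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]  # a wildcard is validated at its base domain
    return f"_acme-challenge.{name}."

def in_zone(owner: str, zone: str) -> bool:
    """True if owner is at or below the zone apex, compared label by label."""
    owner_labels = owner.lower().rstrip(".").split(".")
    zone_labels = zone.lower().rstrip(".").split(".")
    return owner_labels[-len(zone_labels):] == zone_labels

def coverage(identifiers, zone):
    """Map each identifier to (validation name, whether the zone can hold it)."""
    return {i: (validation_name(i), in_zone(validation_name(i), zone))
            for i in identifiers}

ZONE = "_acme-challenge.domain.uk."
NAMES = ["domain.uk", "*.domain.uk",
         "smtp.domain.uk", "imap.domain.uk", "mail.domain.uk"]

if __name__ == "__main__":
    for ident, (owner, ok) in coverage(NAMES, ZONE).items():
        where = "inside" if ok else "outside"
        print(f"{ident:16} -> {owner:34} {where} {ZONE}")
```

The record `smtp IN TXT` in the zone above has the owner name `smtp._acme-challenge.domain.uk.`, which is inside the zone but is a different name from `_acme-challenge.smtp.domain.uk.`, the one queried for `smtp.domain.uk`.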