Wildcard certificate request failed. A non-wildcard certificate was issued instead

I’ve tried to issue a wildcard certificate for hostip.dev

I ran this command:
certbot certonly --manual -d *.hostip.dev -d hostip.dev --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

When I check with openssl, it looks like a non-wildcard certificate has been issued:
echo | openssl s_client -connect abcd.hostip.dev:443 2>/dev/null | grep hostip.dev
0 s:CN = hostip.dev
subject=CN = hostip.dev

I’d expect to see *.hostip.dev if the certificate was a wildcard.

Additionally, as you would expect, curl does not recognise the certificate as valid for a random subdomain:
curl https://abcd.hostip.dev
curl: (60) SSL: no alternative certificate subject name matches target host name ‘abcd.hostip.dev’
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

1 Like

What does “sudo certbot certificates” show?

You did issue a wildcard certificate – in April.

1 Like

Here's the output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: service.hostip.dev
Domains: service.hostip.dev hostip.dev
Expiry Date: 2020-08-16 09:06:08+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/service.hostip.dev/fullchain.pem
Private Key Path: /etc/letsencrypt/live/service.hostip.dev/privkey.pem


This same certificate keeps getting issued to me, even if I purge certbot, delete /etc/letsencrypt (Ubuntu 20.04, apt-get purge certbot) then reinstall it.

Actually what you might find is Netlify requested a letsencrypt wildcard certificate on my behalf. However, they have no export function (at least none I could find from googling). I set up Netlify back in April.

I only intended the Netlify certificate to be for my static website (https://hostip.dev)

Now I'd like to use other subdomains for my back end APIs, so I'm trying to get my own wildcard certificate that I can use for multiple subdomains and plug into my nginx server.

1 Like

If there's a file or directory named service.hostip.dev in the current directory, your shell will expand *.hostip.dev to service.hostip.dev. Quote or escape it to prevent that.

Don't issue too many duplicate certificates.

Ah. Sure, that makes sense. :smile: For what it's worth, unless you have tons of subdomains, you don't really need a wildcard certificate. Often just listing all of the names works fine.

1 Like

This was the problem. I had my API code in my home folder under that name. So I quoted the host, which got me a valid wildcard certificate.

I'm planning to allow people (via a new tool I'm building) to serve websites from localhost under custom/randomly generated subdomains, so in my case there probably will be a lot of subdomains over time, most of them I won't know about in advance.

2 Likes
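
The pathname expansion diagnosed in this thread, reproduced in a scratch directory as an added example that is not part of the original posts. The helper names `expand_unquoted` and `would_expand` and the temporary directory are constructed for illustration; the directory name `service.hostip.dev` is the one reported above.

```shell
#!/bin/sh
# Added example: what an unquoted wildcard domain turns into before the
# command (certbot in this thread) ever sees it.

# Print the arguments a command would receive if PATTERN ($2) were typed
# unquoted while the current directory is DIR ($1).
expand_unquoted() {
    ( cd "$1" || exit 1
      # Deliberately unquoted: the shell performs pathname expansion here,
      # exactly as it does on an interactive command line.
      set -- $2
      printf '%s\n' "$@" )
}

# Succeed (exit 0) if the unquoted pattern would be rewritten in DIR,
# i.e. the program would NOT receive the literal text that was typed.
would_expand() {
    [ "$(expand_unquoted "$1" "$2")" != "$2" ]
}

# Constructed demo: an empty directory, then the same directory after a
# folder named service.hostip.dev appears in it.
scratch=$(mktemp -d)

echo "empty directory:"
expand_unquoted "$scratch" '*.hostip.dev'    # no match, pattern passed through

mkdir "$scratch/service.hostip.dev"
echo "with service.hostip.dev present:"
expand_unquoted "$scratch" '*.hostip.dev'    # replaced by the matching name

# Pre-flight check before requesting a certificate from this directory.
for name in '*.hostip.dev' 'hostip.dev'; do
    if would_expand "$scratch" "$name"; then
        echo "WARNING: $name must be quoted in this directory"
    else
        echo "ok: $name is passed through unchanged"
    fi
done

rm -rf "$scratch"
```

When nothing in the directory matches, the default behaviour of sh and bash is to pass the pattern through literally, which is why the same unquoted command can work in one directory and silently request different names in another.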
