I’ve tried to issue a wildcard certificate for hostip.dev
I ran this command:
certbot certonly --manual -d *.hostip.dev -d hostip.dev --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
When I check with openssl, It looks like a non wildcard certificate has been issued:
echo | openssl s_client -connect abcd.hostip.dev:443 2>/dev/null | grep hostip.dev
0 s:CN = hostip.dev
subject=CN = hostip.dev
I’d expect to see *.hostip.dev if the certificate was a wildcard.
Additionaly as you would expect, curl does not recognise the certificate as valid for a random subdomain:
curl: (60) SSL: no alternative certificate subject name matches target host name ‘abcd.hostip.dev’
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.