Wildcard certificate

Hello,

Thanks in advance for your help.

I tried to generate a wildcard certificate that works fine for simple subdomain.
$ sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual -d '*.domain.com'

But my wish would be to have a certificate for a virtual subdomain like “virtual.*.domain.com” because i use the macro module of apache.
So i entered this command :
$ sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual -d 'virtual.*.doomain.com'

I have no idea if this is a possible feature can’t find any documentations. My error message is :
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Obtaining a new certificate An unexpected error occurred: The request message was malformed :: Error creating new order :: DNS name had a malformed wildcard label Please see the logfiles in /var/log/letsencrypt for more details.

It is not. Unfortunately, only the leftmost label can be a wildcard. So you could have *.virtual.example.com but not virtual.*.example.com. This is a limitation of wildcard certificates in general, not specific to Let’s Encrypt.

2 Likes