I’m trying to get wildcard certificates to work for my rescopa.com domain. I’m using a docker-compose project from Mailu. It instantiates an Alpine-based nginx container for the front end, which has certbot running hourly to generate certificates.
When I try to access the smtp.rescopa.com domain (to send some mail, fwiw), the certificate returned is for rescopa.com. Not *.rescopa.com. As a result, Thunderbird refuses to complete the SMTP request.
From reading the docs, it looks like the command below should issue wildcard certificates. Is there some other configuration I need to do? There is a mention of some kind of DNS hook, but certbot is run standalone, so I’m not sure what might need hooking.
Thanks for any help or doc links.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: certbot -n --agree-tos -d "*.rescopa.com,*.thefamilycore.com" -m email@example.com certonly --standalone --cert-name mailu --preferred-challenges http --http-01-port 8008 --keep-until-expiring --rsa-key-size 4096 --config-dir /certs/letsencrypt --post-hook /config.py
It produced this output: Pastebin to bad certificate: https://pastebin.com/6nQByyCi
My web server is (include version): nginx v1.12.2
The operating system my web server runs on is (include version): Alpine linux v3.7.0
My hosting provider, if applicable, is: Not really applicable, but I’m running a VPS hosted by IOZoom.com out of L.A.
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
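The mismatch described in the post (a certificate for rescopa.com served to a client asking for smtp.rescopa.com) can be reproduced offline with a simplified version of the name-matching rule TLS clients apply. This is an added example, not part of the original post; the function names and the SAN lists are constructed for illustration, and the matcher is a reduced form of RFC 6125 matching, not a full validator.

```python
# Added example: simplified dNSName matching in the style of RFC 6125.
# Function names and SAN lists are hypothetical, constructed for illustration.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate dNSName entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Accept "*" only as the whole leftmost label, above at least two
        # further labels (so "*.com" is rejected), and never deeper.
        if len(p_labels) < 3 or any("*" in label for label in p_labels[1:]):
            return False
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial wildcards such as "s*.example" are refused
    return p_labels == h_labels


def covering_names(sans, hostname):
    """List the SAN entries that would make a client accept this hostname."""
    return [name for name in sans if san_matches(name, hostname)]


# Constructed SAN lists: what the post says was served, and two alternatives.
SERVED_CERT = ["rescopa.com"]
WILDCARD_ONLY = ["*.rescopa.com"]
WILDCARD_PLUS_APEX = ["*.rescopa.com", "rescopa.com"]

if __name__ == "__main__":
    for label, sans in [("served", SERVED_CERT),
                        ("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_PLUS_APEX)]:
        for host in ("smtp.rescopa.com", "rescopa.com"):
            hits = covering_names(sans, host)
            print(f"{label:16} {host:18} -> {hits or 'NO MATCH'}")
```

The wildcard entry covers smtp.rescopa.com but not the bare rescopa.com, so a certificate meant to serve both needs both names in its SAN list.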