Wildcard Certificates

I got a wildcard for two domains ssh3112.com and surlysavedhangler.com and www works but the domains don’t. I suppose we could add a redirect for the domains to www but is this by design?

So www.ssh3112.com and $any.ssh3112.com works great but ssh3112.com throws a cert error for the customer/client.

I love what ur doing here…it is sooo appreciated and respected. Thank you!


Yes, a wildcard by itself doesn't cover the base domain. You are free to add the base domain as another SAN, though.


Thanks orange, I’m using certbot on centos and it’s brilliantly easy, can u point me in the right direction? I could probably stumble and stammer onto the right doc eventually but if ya got one, could ya share it? Shameless I know, I’m sorry :slight_smile:

Most likely multiple -d options; note that I'm not sure whether it'd create a new one or modify the old renewal config.


I tried that…but I didn’t try 4 -d in one command

• *.ssh3112
• *.surly
• ssh3112
• surly

I’ll try that.


I got it working and u helped greatly, thank you!


False alarm, it doesn’t work. I’m using nginx with one server block and 3 certificate entries.

• ssh3112
• surly
• *.ssh3112 *.surly

And now only the first two work, the wildcard doesn’t. More investigation I guess.

Assuming you are using Certbot:

certbot certificates will show what certificates are being managed.

You may need to manually update the apache/nginx config files to use the right certificates. Your specific onboarding/enrollment of adding the domain names afterwards may have complicated the automatic installer.

Also, I would suggest descoping this into 2 certificates, one for each "registered" domain, e.g. "example.com + *.example.com" on a cert. This will avoid issues/work required if one domain is sold / registration lapses / DNS botched / misc issues. That happens often.
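
Added example, not part of the original thread: a short Python check of the matching rule discussed above (a wildcard stands in for exactly one leftmost label, so it never covers the base domain) and of the one-certificate-per-registered-domain layout suggested in this post. The SAN lists and hostnames are constructed from the domains named in the thread, and the function names are hypothetical.

```python
"""Added example: which hostnames does a certificate's SAN list cover?"""


def san_matches(san: str, host: str) -> bool:
    """Return True if one dNSName SAN entry covers host (RFC 6125 rules)."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    # The wildcard replaces exactly one label, so label counts must be equal.
    # This is why *.ssh3112.com (3 labels) never covers ssh3112.com (2 labels).
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Only a whole leftmost label may be a wildcard; the rest is literal.
        return bool(host_labels[0]) and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(sans: list[str], hosts: list[str]) -> list[str]:
    """Hostnames that no SAN entry covers; clients see a cert error on these."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


def gaps_by_cert(certs: dict[str, list[str]], hosts: list[str]) -> dict[str, list[str]]:
    """For each per-domain certificate, list that domain's hosts it misses."""
    return {
        domain: uncovered(sans, [h for h in hosts
                                 if h == domain or h.endswith("." + domain)])
        for domain, sans in certs.items()
    }


# Constructed inputs: names a client might request, using the thread's domains.
HOSTS = ["ssh3112.com", "www.ssh3112.com", "a.b.ssh3112.com",
         "surlysavedhangler.com", "www.surlysavedhangler.com"]

# Wildcard-only SAN list, the situation in the opening post (constructed).
WILDCARD_ONLY = ["*.ssh3112.com", "*.surlysavedhangler.com"]

# One certificate per registered domain: base name plus wildcard (constructed).
PER_DOMAIN = {
    "ssh3112.com": ["ssh3112.com", "*.ssh3112.com"],
    "surlysavedhangler.com": ["surlysavedhangler.com", "*.surlysavedhangler.com"],
}

if __name__ == "__main__":
    print("wildcard only misses:", uncovered(WILDCARD_ONLY, HOSTS))
    print("per-domain certs miss:", gaps_by_cert(PER_DOMAIN, HOSTS))
```

The only name left uncovered by the per-domain layout is the two-level subdomain, which would need its own SAN entry.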


Yeah, I think ur right. Can I just delete the certs and start over? Is that descoping? I can look it up too.

I think I found an answer, mv /etc/letsencrypt

Also, it’s difficult to articulate how epic this is. It’s been years since I messed with certs. They used to be not cheap and wildly painful and slow…this is none of that.

Just brilliant, I am so impressed.

If this is a gvt something, the rest of our gvt could use lotsa “this” epic goodness.


No, please do not modify those folders manually. Think of them as the certbot database and only use its commands to modify the contents

certbot delete --cert-name X


certbot certificates

Also see below if deleting certs already in use


It is not :slight_smile:


Roger that, thank you so much!


Bingo! Brilliant…thank you so much.