Wildcard on www.****.domain.com? How to?


#1

Hello community!

I currently run Ubuntu 18.04 with Nginx on DigitalOcean and all my domains are transferred with them as well.
I was reading about how “www” is still important to be used on websites in general, so I said why not, let's do it.

My currently generated certificates are: *.domain.com and domain.com
I got them using this command: certbot certonly --manual -d domain.com -d *.domain.com --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

I saw that ANYTHING.domain.com seems to be working but when I add another layer for example like www.ANYTHING.domain.com the certificate is invalid. I was wondering how to get a wildcard certificate that can support WWW + Subdomain?

Thank you!


#2

Unfortunately, for wildcard certs, according to RFC 6125, the wildcard has to be in the left-most label of the domain, and should only match against a single subdomain level.

  1. The client SHOULD NOT attempt to match a presented identifier in
    which the wildcard character comprises a label other than the
    left-most label (e.g., do not match bar.*.example.net).
  2. If the wildcard character is the only character of the left-most
    label in the presented identifier, the client SHOULD NOT compare
    against anything but the left-most label of the reference
    identifier (e.g., *.example.com would match foo.example.com but
    not bar.foo.example.com or example.com).
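The two rules quoted above, implemented as a hostname-matching check (an added example, not code from this thread or from certbot). The SAN list is constructed from the names in the certbot command in the question; `*.blog.domain.com` is a hypothetical name used only to show which wildcard would cover a www.SOMETHING.domain.com host.

```python
def wildcard_matches(presented: str, reference: str) -> bool:
    """Return True if certificate name `presented` covers hostname `reference`
    under the RFC 6125 rules: a wildcard is only honoured as the entire
    left-most label, and it matches exactly one label."""
    p_labels = presented.lower().rstrip(".").split(".")
    r_labels = reference.lower().rstrip(".").split(".")
    if "*" not in presented:
        # No wildcard: plain case-insensitive label-by-label comparison.
        return p_labels == r_labels
    # Rule 1: '*' must be the whole left-most label and appear nowhere else
    # (so bar.*.example.net and f*.example.com are both rejected; browsers
    # reject partial-label wildcards too).
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False
    # Rule 2: '*' consumes exactly one label, so the label counts must agree.
    # *.domain.com therefore matches foo.domain.com but neither domain.com
    # (too few labels) nor www.foo.domain.com (too many).
    if len(p_labels) != len(r_labels) or not r_labels[0]:
        return False
    return p_labels[1:] == r_labels[1:]


def covered_by(san_names, hostname: str):
    """Return the SAN entries that cover `hostname` (empty list = cert invalid)."""
    return [name for name in san_names if wildcard_matches(name, hostname)]


def wildcard_needed(hostname: str) -> str:
    """The single wildcard name that would cover `hostname` under Rule 2:
    replace only the left-most label with '*'."""
    _, _, parent = hostname.lower().partition(".")
    return "*." + parent


# Constructed sample: the two names from the certbot command in the question.
SANS = ["domain.com", "*.domain.com"]

if __name__ == "__main__":
    for host in ["domain.com", "blog.domain.com", "www.blog.domain.com"]:
        hits = covered_by(SANS, host)
        status = "covered by " + ", ".join(hits) if hits else "NOT covered"
        print(f"{host:24} {status}")
        if not hits:
            print(f"{'':24} would need {wildcard_needed(host)}")
```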
