I currently run Ubuntu 18.04 with Nginx on DigitalOcean and all my domains are transferred with them as well.
I was reading about how “www” is still important to be used on websites in general, so I said, why not, let's do it.
My currently generated certificates are: *.domain.com and domain.com
I got them using this command: certbot certonly --manual -d domain.com -d *.domain.com --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
I saw that ANYTHING.domain.com seems to be working but when I add another layer for example like www.ANYTHING.domain.com the certificate is invalid. I was wondering how to get a wildcard certificate that can support WWW + Subdomain?
Unfortunately, for wildcard certs, according to RFC 6125, the wildcard has to be in the left-most label of the domain, and should only match against a single subdomain level.
The client SHOULD NOT attempt to match a presented identifier in
which the wildcard character comprises a label other than the
left-most label (e.g., do not match bar.*.example.net).
If the wildcard character is the only character of the left-most
label in the presented identifier, the client SHOULD NOT compare
against anything but the left-most label of the reference
identifier (e.g., *.example.com would match foo.example.com but
not bar.foo.example.com or example.com).
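
The two rules quoted above can be checked mechanically. The following is an added example, not part of the original answer: the function names san_matches and uncovered are hypothetical, and only the whole-label wildcard case ("*.example.com") is implemented, with partial-label wildcards rejected as a simplification.

```python
# Added example: hostname matching per the two RFC 6125 rules quoted above.
# Simplification (assumption): only a whole-label wildcard such as
# "*.example.com" is accepted; partial-label forms ("f*.example.com") are not.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def san_matches(presented, reference):
    """Return True if certificate name `presented` covers host `reference`."""
    p, r = _labels(presented), _labels(reference)
    if "" in p or "" in r:
        return False  # empty label: malformed name
    if not any("*" in label for label in p):
        return p == r  # no wildcard: exact match only
    # Rule 1: the wildcard may appear only in the left-most label.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] != "*":
        return False  # partial-label wildcard, out of scope here
    # Rule 2: "*" stands for exactly one label, so the label counts must be
    # equal and everything to the right of the wildcard must be identical.
    return len(p) == len(r) and p[1:] == r[1:]


def uncovered(hostnames, sans):
    """List the hostnames that no name in the certificate covers."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    # Names from the question; the host list is constructed for illustration.
    sans = ["domain.com", "*.domain.com"]
    hosts = ["domain.com", "www.domain.com", "anything.domain.com",
             "www.anything.domain.com"]
    for host in hosts:
        covered = any(san_matches(s, host) for s in sans)
        print(f"{host:28} {'covered' if covered else 'NOT covered'}")
    print("missing:", uncovered(hosts, sans))
```

Under the same rule, a certificate name of *.anything.domain.com does cover www.anything.domain.com, since the wildcard then stands for the single label "www".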