Wildcard sub domain not working

mctrivia · October 11, 2020, 1:10am

My domain is: digiassetx.com
My web server is (include version): nodejs+express
The operating system my web server runs on is (include version): ubuntu 18.04 LTS

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0

My problem is that www.digiassetx.com works but digiassetx.com says invalid cert.

Domain on cert is: *.digiassetx.com
i did try modifying the cert by running: sudo certbot certonly --cert-name digiassetx.com -d *.digiassetx.com,digiassetx.com
but this gives me the error:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

pretty sure last time i renewed certbot I had to put some values in my DNS records but it is not giving that option this time

_az · October 11, 2020, 1:12am

If you're not aware already, you can get Certbot to automatically issue and renew wildcard certificates using the Route53 integration.

You just need to install an extra Certbot DNS plugin:

sudo apt install python3-certbot-dns-route53

and then follow the instructions on Welcome to certbot-dns-route53’s documentation! — certbot-dns-route53 0 documentation.

This will deal with creating all the TXT records and such for you.

griffin · October 11, 2020, 2:30am

Welcome to the Let's Encrypt Community, Matthew

I fully concur with _az, but I can help you revise your manual command though:

sudo certbot certonly --cert-name digiassetx.com --manual --preferred-challenges dns -d "digiassetx.com,*.digiassetx.com" --keep-until-expiring

As for digiassetx.com, it is currently serving a certificate that only includes *.digiassetx.com, which won't work. Oddly, there is a newer certificate that is not currently being served. Restart the webserver?

Wrong certificate being served:

Complete certificate history:

mctrivia · October 11, 2020, 4:19am

thank you so much for the help you where both correct. The plugin fix the renewal problem but I also had to restart the server to get it to serve the new certificate.

rg305 · October 11, 2020, 6:37am

Sounds like the perfect place for the --deploy-hook to do its' magic.

system · November 10, 2020, 6:37am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Wildcard subdomains work only if previously visited after installing certificate Help	7	1042	July 23, 2020
Wildcard subdomain cert doesnt work (before I created certs for main domain and another subdomains) Server	9	2500	December 29, 2018
CERTBOT_DOMAIN for wildcard domains Help	7	2217	May 31, 2020
Certbot wildcard certificate invalid for base domain Help	10	13872	May 9, 2018
Wildcard with rfc2136 dns challenge Help	20	7431	June 28, 2018

Wildcard sub domain not working

Related topics