Wildcard subdomain cert doesn't work (before I created certs for main domain and other subdomains)


#1

Hi!
I have a server on DigitalOcean with Ubuntu 18.04 and Apache.

I created (successfully) certs for my main domain, and some subdomains.

But I will create more subdomains, so I found out about the option of a wildcard certificate.

I tried with:
certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d '*.mydomain.com'

It works OK, but if I put the certificates in a new virtualhost (with port 443, and 80 redirecting to it),
it says that it isn’t a valid certificate.

What can I check, or what am I doing wrong?

Best Regards!!!


#2

Hi @anibalardid,

Are you sure you included the base domain? It looks like you only provided -d *.mydomain.com and not -d mydomain.com. A wildcard for *.mydomain.com isn’t valid for just mydomain.com - that needs to be added explicitly.


#3

Hi! Thanks for your answer.

Previously (a few days ago) I only created a certificate for the main domain: -d mydomain.com

Yesterday, for example, a new cert, only for a subdomain: -d subdomain.mydomain.com
with this command:
sudo certbot --apache --redirect -d subdomain.mydomain.com

and today I want to create a wildcard …

How can I do it the correct way?
I use this command:
sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d '*.maindomain.com'


#4

To make a certificate that is valid for both the main domain and its first level subdomains you would want to add two -d flags like so:

sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d '*.maindomain.com' -d maindomain.com
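
The wildcard rule from posts #2 and #4, as an added example that is not part of any post in this thread: a `*.maindomain.com` entry covers exactly one label, so it never covers `maindomain.com` itself. The function names are hypothetical, the SAN lists in the demo loop are constructed, and `cert_sans` assumes the `openssl` CLI is installed.

```sh
#!/bin/sh
# Added example (not from the thread): does a certificate's SAN list cover a host?

# san_matches HOST SAN: succeed if the SAN entry covers HOST. A wildcard stands
# for exactly one left-most label, so *.maindomain.com covers
# subdomain.maindomain.com but not maindomain.com or a.b.maindomain.com.
san_matches() {
    _h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _p=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$_p" in
        '*.'*)
            _suffix=${_p#\*}                       # ".maindomain.com"
            case "$_h" in *"$_suffix") ;; *) return 1 ;; esac
            _label=${_h%"$_suffix"}                # part the "*" must absorb
            case "$_label" in ''|*.*) return 1 ;; esac
            return 0 ;;
        *)  [ "$_h" = "$_p" ] ;;
    esac
}

# covered_by HOST SAN...: print the first SAN entry that covers HOST, else fail.
covered_by() {
    _name=$1; shift
    for _san in "$@"; do
        if san_matches "$_name" "$_san"; then printf '%s\n' "$_san"; return 0; fi
    done
    return 1
}

# cert_sans FILE: list the DNS names in the first certificate of a PEM file.
cert_sans() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

# cert_covers HOST FILE: covered_by, with the SAN list read from FILE.
cert_covers() {
    _host=$1; _list=$(cert_sans "$2")
    set -f; set -- $_list; set +f    # split on whitespace without globbing "*."
    covered_by "$_host" "$@"
}

# Constructed SAN lists mirroring the two certbot commands in the thread.
for h in maindomain.com subdomain.maindomain.com a.b.maindomain.com; do
    for sans in '*.maindomain.com' '*.maindomain.com maindomain.com'; do
        set -f; m=$(covered_by "$h" $sans) || m='NOT COVERED'; set +f
        printf '%-26s SANs [%s] -> %s\n' "$h" "$sans" "$m"
    done
done
```

On the server, `cert_covers subdomain.maindomain.com /etc/letsencrypt/live/maindomain.com/fullchain.pem` runs the same check against the file an Apache `SSLCertificateFile` line points to.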

#5

Perfect!
I did it now …

It generates the certificates OK, overriding the maindomain cert.

In my Apache virtualhost, for my subdomain, I add the same lines that maindomain has.
Example:
SSLCertificateFile /etc/letsencrypt/live/maindomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/maindomain.com/privkey.pem

But the browser tells me that the certificate is not valid (I restarted Apache).


#6

Great!

It would be a lot easier to debug this if you could share the domain name in question so I could visit it as well.

If you aren’t able to do that can you share more information about your browser and the specific error message?


#7

It’s done … I had the previous certificates =)

I deleted them in /live, /renewal and /archive,
deleted the old virtualhosts, and it WORKS!

BEST REGARDSSSSSSS !!!

You are my angel =)


#8

Excellent! :tada: Glad to hear you have things working now :slight_smile:


#9

Have a nice week, and thanks again!