Wildcard subdomain cert doesnt work (before I created certs for main domain and another subdomains)

anibalardid · November 28, 2018, 7:52pm

Hi !
I have server on digitalocean with ubuntu 18.04 and apache.

I created (successfully) certs for my main domain, and some subdomains.

But i will create more subdomains, so I knew the option of wildcard certificate.

I tried with:
certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d *.mydomain.com

It works ok, but If I put the certificates in new virtualhost (with port 443 and 80 redirecting to it)
It said that it isn’t valid certificate.

What can I check or what I do wrong ?

Best Regards!!!

cpu · November 28, 2018, 8:03pm

Hi @anibalardid,

Are you sure you included the base domain? It looks like you only provided -d *.mydomain.com and not -d mydomain.com. A wildcard for *.mydomain.com isn't valid for just mydomain.com - that needs to be added explicitly.

anibalardid · November 28, 2018, 8:06pm

Hi ! Thanks for your answer.

I previusly (a few days ago) only create certificate for main domain -d mydomain.com

Yesterday for example new cert, only for subdomain : -d subdomain.mydomain.com
with this command
sudo certbot --apache --redirect -d subdomain.mydomain.com

and Today I want to create wildcard …

how can I do in the correct way ?
I use this command:
sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d *.maindomain.com

cpu · November 28, 2018, 8:08pm

To make a certificate that is valid for both the main domain and its first level subdomains you would want to add two -d flags like so:

sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d '*.maindomain.com'  -d maindomain.com

anibalardid · November 28, 2018, 8:21pm

Perfect !
I did it now …

It generates ok certificates overriding the maindomain cert.

In my apache virtualhost , for my subdomain I add the same lines that has maindomain
Example:
SSLCertificateFile /etc/letsencrypt/live/maindomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/maindomain.com/privkey.pem

But in browser saidme that certificate is not valid (I restarted apache)

cpu · November 28, 2018, 8:24pm

Great!

It would be a lot easier to debug this if you could share the domain name in question so I could visit it as well.

If you aren't able to do that can you share more information about your browser and the specific error message?

anibalardid · November 28, 2018, 8:26pm

It’s done … i had the previous certificates =)

I deleted it in /live, /renewal and /archive
delete the old virtualhost’s and WORKS !

BEST REGARDSSSSSSS !!!

You are my angel =)

cpu · November 28, 2018, 8:26pm

Excellent! Glad to hear you have things working now

anibalardid · November 28, 2018, 9:01pm

have a nice week, and thanks again !

system · December 29, 2018, 2:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Wildcard certificate Help	2	894	June 26, 2019
Domain and Subdomain on One Wildcard/Certificate on Nginx Help	6	5046	January 2, 2020
Wildcard on www.****.domain.com? How to? Help	2	993	June 22, 2018
Add wildcard to base domain certificate Help	6	1355	August 9, 2019
Why the wildcard certificate shows NOT SECURE without the www Help	3	5209	July 11, 2018

Wildcard subdomain cert doesnt work (before I created certs for main domain and another subdomains)

Related topics