Wildcard Support without CertBot

Hello,

I am using Let’s Encrypt on MDDHosting, which does not allow command line access, and I therefore cannot use CertBot. I’ve looked high and low for instructions on how to add wildcard support for sub-domains, but I can only find articles/posts that reference CertBot. MDDHosting says it can be done, but they won’t tell me how. They send links to this site, but they don’t have what I need. So I am basically asking if there is any other way it can be accomplished, so I don’t have to request new SSL certs for every sub-domain I add. I know this support was only recently added.

Thank you,

Greg

So you’ve got cPanel hosting?

I believe MDDHosting use (or at least, used to use) a plugin that natively has wildcard support. Does searching for “Lets Encrypt” in the cPanel user interface come up with anything?

Also, what is your domain / is your domain using cPanel’s nameservers?

Yes, I have cPanel hosting, and using Let’s Encrypt I specified dns-01 SSL validation, and clicked Include Wildcard. And it just doesn’t work. And yes, my domains are using cPanel’s name servers. I read somewhere that I might have to add a record to DNS to make this work, but it didn’t offer specific instructions.

Thank you for your help,

Greg

You'll need to be way more specific with what "doesn't work". Error message? Certificate doesn't apply to the domain you expected?

How are your subdomains set up in cPanel? Are they separate virtual hosts or do you have a bunch of subdomain aliases going to the same virtual host (e.g. a WordPress multi-site)? Or do you have a *.example.org virtualhost?

You don't need to set up any records. The docs for using the feature are here.

The certificates to the sub-domains (all single-instance WordPress installs) don’t get issued – only the top level domain name gets certified. I clicked on the link you provided, and followed the instructions to the letter. When I click on the sub-domain, I get the message: “Your connection is not private”

It was my understanding that the wildcard would work if using dns-01. So if it is mydomain.com, that gets certified, but sub1.mydomain.com and sub2.mydomain.com don’t get certified.

I hope I’m making sense.

Thank you again,

Greg

OK, I think I understand.

So, when issuing a certificate, you are issuing it for a specific virtual host (be it the primary domain, or an addon domain, or a subdomain).

That certificate is only installed onto the virtual host for which you configured it, rather than onto every virtual host for which it could be installed.

For your WordPress subdomains (which are virtual hosts in their own right), you will need to individually issue certificates for each one.

I hope one day to improve that functionality so that a wildcard can be “shared” between virtual hosts. Unfortunately changing the solver to be able to do this would require some major and complex changes, so it’s not yet happened. Sorry!

(And, for what it’s worth, you can use the SSL/TLS interface to cross-install an existing wildcard to your other virtual hosts, but of course this isn’t an acceptable solution because it doesn’t happen automatically at renewal).
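A quick way to confirm the situation described above (the subdomain virtual host presenting a certificate whose names do not include it) is to look at the certificate that host actually serves and test its Subject Alternative Names against the hostname. This is an added diagnostic, not code from the thread or from the cPanel plugin; the hostnames are whatever you pass on the command line, and the wildcard rule follows RFC 6125 (a `*` matches exactly one label, so `*.mydomain.com` covers `sub1.mydomain.com` but neither `mydomain.com` nor `a.sub1.mydomain.com`).

```python
import socket
import ssl


def covers(hostname: str, sans: list[str]) -> bool:
    """True if any dNSName SAN covers hostname. A wildcard label matches
    exactly one DNS label: *.mydomain.com covers sub1.mydomain.com but not
    mydomain.com itself and not a.sub1.mydomain.com (RFC 6125 section 6.4.3)."""
    host = hostname.lower().rstrip(".")
    for san in sans:
        san = san.lower().rstrip(".")
        if san == host:
            return True
        if san.startswith("*."):
            suffix = san[1:]                  # ".mydomain.com"
            prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
            if prefix and "." not in prefix:  # exactly one label before suffix
                return True
    return False


def served_sans(hostname: str, port: int = 443, timeout: float = 5.0) -> list[str]:
    """Connect with SNI and return the dNSName SANs of the leaf certificate the
    virtual host actually presents. Hostname checking is disabled so that a
    mismatched certificate can still be inspected; the chain is still verified
    against the system trust store (Python only parses the cert in that case)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def diagnose(hostname: str) -> tuple[list[str], bool]:
    """Return (SANs served, whether they cover hostname)."""
    sans = served_sans(hostname)
    return sans, covers(hostname, sans)


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        try:
            sans, ok = diagnose(name)
            print(f"{name}: {'covered' if ok else 'NOT covered'} by {sans}")
        except ssl.SSLCertVerificationError as exc:
            # e.g. the virtual host is still serving a self-signed default cert
            print(f"{name}: served chain not trusted ({exc.verify_message})")
```

Run it as `python check_san.py sub1.mydomain.com sub2.mydomain.com`; a "NOT covered" line shows the wildcard was issued but never installed on that virtual host, which is exactly the cross-install gap described above.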

Okay, I understand. MDDHosting thinks that because *.domain.com is listed under Alt Names, then all those wildcards should get automatically certified. I will share this info with them so others like me in the future won’t press the issue.

Thank you very much for your help.

Greg


Just wanted to post an update that I’ve released the functionality to re-use wildcards between virtual hosts, so it should be available to you soon, once your cPanel server runs its scheduled updates.

