Wildcards only partly wild?!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
fletchers-uk.com
I ran this command:
Commands all executed successful
It produced this output:
(partly) working certificate
My web server is (include version):
Apache - version unknown
The operating system my web server runs on is (include version):
Linux - no other details know
My hosting provider, if applicable, is:
Midphase.com
I can login to a root shell on my machine (yes or no, or I donā€™t know):
yes, but with limited privileges (no root access)
Iā€™m using a control panel to manage my site (no, or provide the name and version of the control panel):
Cpanel ?68.0.33

After a few false starts, I was able to use certbot-auto to produce a wildcard certificate for my fletchers-uk,com domain, and with very little further difficulty I was able to upload the private key and install the certificate on my ISPā€™s servers. It works for the primary domain and for a moodle installation in one of its subdirectories, it works for the www. alias, and my ISPā€™s Cpanel shows that it is working for a number of ā€˜subdomainsā€™ (mailā€¦, cpanelā€¦, webmailā€¦) which I donā€™t use but I believe that the ISP automatically creates for each domain. It does not, however, work for my two real subdomains, pfletch.fletchers-uk.com and chris.fletchers-uk.com, which point to distinct and separate folders on my host (but are included in the same hosting contract). Even more strangely, when I display the ā€œdetailsā€ for the security warning that I get if I try to browse to https://pfletch.fletchers-uk.com, I get the following information:

pfletch.fletchers-uk.com uses an invalid security certificate.
The certificate is only valid for the following names: ashgohil.com, www.ashgohil.com.
The certificate expired on Friday, February 9, 2018, 5:59 PM. The current time is Thursday, March 22, 2018, 3:10 PM.
Error code: SSL_ERROR_BAD_CERT_DOMAIN

Note the weird names on the alleged certificate.

My ISP unfortunately adamantly refuses either to support LetsEncrypt certificates or to help with problems with certificates from any suppliers other than the commercial one they have a relationship with.

Does anyone have any idea what is going on here, and/or how it might be fixed. I do have access, through Cpanel, to most of my DNS settings, if that helps.

You need to install the certificate to the subdomain separately.

Primary domains, addon domains and subdomains in cPanel are distinct virtual hosts.

Go to SSL/TLS Manager in cPanel -> Install SSL -> Select your subdomains -> Select the wildcard certificate -> Install Certificate.

4 Likes

Wildcards only partly wild?!

I promise our wildcards are as wild as they come! :lion::lock::boom:
Prices so low you'll go wild too! :money_with_wings::speak_no_evil: :exclamation:

(Thanks for providing a real answer @_az :slight_smile: )

4 Likes

Thanks for the incredibly fast and helpful response!!
That worked perfectly, but I think that the ISP could have unbent enough to tell me that that was what I needed to do (which I am sure their tech knew). Sigh!!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.