Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: https://*.dbcleanse.nz
I ran this command: sudo certbot -v
It produced this output: Not suggesting name "*.dbcleanse.nz"
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 310, in get_filtered_names
    filtered_names.add(enforce_le_validity(name))
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 526, in enforce_le_validity
    "Valid characters are A-Z, a-z, 0-9, ., and -.".format(domain))
certbot.errors.ConfigurationError: *.dbcleanse.nz contains an invalid character. Valid characters are A-Z, a-z, 0-9, ., and -.
My web server is (include version): nginx version 1.15.8
The operating system my web server runs on is (include version): Ubuntu 18.04.3
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no - digital ocean droplet - I log on via terminal
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Wildcard cert requests require DNS authentication which in turn has additional requirements.
Please read through the different challenge types: https://letsencrypt.org/docs/challenge-types/
Thanks for your response - I can’t see a solution in those challenges. The problem I am having is that the root domain re-directs to another site on my server. The SSL is working on the sub-domains and if I remove the Wildcard on the server name then the root domain is fine also…
This is my hosts file … can you see anything obviously wrong?
I’m not sure about the certbot warning output (maybe due to the fact that it’s required to use the DNS challenge and you used an HTTP-based one), but your root domain not working problem looks like an easy solve.
Since you already got a certificate on your wildcard domains with DNS authorization, you should add the root domain into the same certificate with DNS challenge.
For example: sudo certbot -d *.dbcleanse.nz -d dbcleanse.nz (instead of only a wildcard or only root, since those would use a single txt record)
It looks to me like your root site now has a security error (mismatch), because when I visited the website on the root domain, I saw the wildcard certificate (that doesn’t include the root domain).
Is this the issue you are encountering?
Or do you want to add both your wildcard domain and root domain into a single server host?
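The mismatch described in the reply above comes from how wildcard names are matched: a wildcard stands for exactly one left-most label, so a certificate for *.dbcleanse.nz alone does not cover dbcleanse.nz. The sketch below is an added example, not part of the original thread and not certbot's code; the function names are hypothetical, the SAN lists and the www / a.b hostnames are constructed, and refusing a wildcard directly above the top-level label is a conservative choice made here.

```python
# Added example: constructed SAN lists, not read from the live site.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(san, host):
    """Return True if one dNSName SAN entry covers host.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so *.example.nz never covers example.nz.
    """
    s, h = _labels(san), _labels(host)
    if len(s) != len(h):
        return False  # a wildcard cannot absorb zero labels or several
    if s[0] == "*":
        # Conservative: require at least two labels after the wildcard.
        return len(s) > 2 and s[1:] == h[1:]
    # Partial wildcards such as f*o.example.nz are rejected outright.
    return "*" not in san and s == h

def uncovered(sans, hosts):
    """Hostnames from hosts that no SAN entry covers, in input order."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

if __name__ == "__main__":
    served = ["dbcleanse.nz", "www.dbcleanse.nz", "a.b.dbcleanse.nz"]
    wildcard_only = ["*.dbcleanse.nz"]          # certificate seen on the root site
    both = ["*.dbcleanse.nz", "dbcleanse.nz"]   # after adding the root name
    print("wildcard only, uncovered:", uncovered(wildcard_only, served))
    print("wildcard + root, uncovered:", uncovered(both, served))
```

Running the same check against the names in every nginx server_name line before reloading shows which hosts would present a mismatched certificate.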