Let’s encrypt wildcard certificate successful but not working

Rambit (New member; joined Feb 19, 2022; 3 messages)
Hi,
I am experiencing a problem with a Let’s Encrypt cert.
I have added a domain api.something.domain.com
Also added in my DNS zone *.api.something.domain.com
Next I am generating a wildcard certificate for api.something.domain.com
The generation is successful, but when I go to mobile.api.something.domain.com I get no SSL.
When I go to api.something.domain.com all works fine.

What am I missing?
 
You added a second level subdomain as a domain. That might not work.

If you add a subdomain like something.domain.com and then create a certificate *.something.domain.com then it might work for the 3rd level (mobile).
Have a look here for some RFC explanation:

You also might need a separate acme TXT record as I found with Letsencrypt which also contains some explanation:
 
> You added a second level subdomain as a domain. That might not work.
>
> If you add a subdomain like something.domain.com and then create a certificate *.something.domain.com then it might work for the 3rd level (mobile).
I don’t understand.
You are saying that adding a subdomain as a domain might not work, and in another sentence you are telling me to do so?
DA does not have a feature to request certificates for subdomains so that is why I added these as domains.

My issue is that my wildcard certificate works fine for api.something.domain.com but it doesn’t work for anything like *.api.something.domain.com
 
> You are saying that adding a subdomain as a domain might not work, and in another sentence you are telling me to do so?
No, that's not what I said.
You have to understand the difference between a subdomain and second and 3rd level subdomain. That's why I included the link, so you can see examples there of what is and what is not possible.

> My issue is that my wildcard certificate works fine for api.something.domain.com but it doesn’t work for anything like *.api.something.domain.com
Yes I know. But you created a second level subdomain as domain, sub.sub.domain.com and then you can't create wildcards as far as I understand.
So more simply said:
*.api.something.domain.com -> for wildcard will not work.
*.something.domain.com -> for wildcard will work (if I understood correctly) and in this case you can also make api.something.domain.com and mobile.api.something.domain.com which should get a certificate, but the wildcard had to be as in this example.
Again, if I understood correctly.
 
SOLVED
It took me time to get back to this issue but:
> So more simply said:
> *.api.something.domain.com -> for wildcard will not work.
> *.something.domain.com -> for wildcard will work (if I understood correctly) and in this case you can also make api.something.domain.com and mobile.api.something.domain.com which should get a certificate, but the wildcard had to be as in this example.
Thank you,
 
> It took me time to get back to this issue but:
That's no problem, better late than never, I'm already happy that was the correct solution for you to get it working.

You're welcome!
And thank you for reporting back! (y)
 
> You added a second level subdomain as a domain. That might not work.
>
> If you add a subdomain like something.domain.com and then create a certificate *.something.domain.com then it might work for the 3rd level (mobile).
> Have a look here for some RFC explanation:
>
> You also might need a separate acme TXT record as I found with Letsencrypt which also contains some explanation:
I have the same problem but the above tip does not work for me.
I have added a domain sub1.domain.com in DA. Requested a wildcard certificate for *.sub1.domain.com, and the message I got was that the request was successful. However, when I go to `something.sub1.domain.com` there is no SSL.
Maybe it is necessary to mention that the `something.` is dynamic. I don't have such a directory or subdomain defined in DA. This is created dynamically when calling `sub1.domain.com`.
If you have any idea what the problem might be I would very much appreciate it.
I have a similar config on another server with DA and it works fine. By similar config I mean all settings in DA look the same.
 
ok. In my case I needed to add server aliases in httpd.conf and nginx.conf for *.sub1.domain.com
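
The name-matching rule behind this thread, as an added example that is not part of any post: in a certificate name, `*` stands for exactly one left-most DNS label, so every extra subdomain level needs its own wildcard name. The function names and the three certificate name lists are constructed for illustration; the hostnames are the ones used in the thread.

```python
def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def san_matches(san, host):
    """True if certificate name `san` covers `host`.

    A wildcard is honoured only as the whole left-most label and
    matches exactly one label, never zero and never several.
    """
    s, h = labels(san), labels(host)
    if len(s) != len(h):
        return False
    if s[0] == "*":
        return s[1:] == h[1:]
    return s == h


def uncovered(hosts, sans):
    """Hosts that none of the certificate names cover."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


def wildcard_for(host):
    """The wildcard name that covers `host` (replace its first label with *)."""
    return "*." + ".".join(labels(host)[1:])


# Hostnames from the thread.
HOSTS = ["api.something.domain.com", "mobile.api.something.domain.com"]

# Constructed certificate name lists to compare.
CERT_NAME_ONLY = ["api.something.domain.com"]
CERT_PARENT_WILDCARD = ["*.something.domain.com"]
CERT_NAME_PLUS_WILDCARD = ["api.something.domain.com",
                           "*.api.something.domain.com"]

if __name__ == "__main__":
    for title, sans in [("name only", CERT_NAME_ONLY),
                        ("parent wildcard", CERT_PARENT_WILDCARD),
                        ("name + wildcard", CERT_NAME_PLUS_WILDCARD)]:
        print(title, "-> not covered:", uncovered(HOSTS, sans) or "none")
    print("needed for mobile host:", wildcard_for(HOSTS[1]))
```

Running the same check against the names actually listed in the served certificate separates a certificate that lacks the name from a web server that is not serving that certificate for the hostname, which is what the server-alias fix in the last post addresses.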
 