Multiple Encryption Subdomains

I have an attractive message indicating that, unfortunately, it is not possible to create a certificate for several subdomains:

Wildcard domains are not supported: *.mynewsiteweb.com 

On the other hand, one could generate one for each subdomain.

Is there a better solution? Thanks:)

+5
5 answers

unfortunately, it is not possible to create a certificate for several subdomains

Not true. You can create a certificate for several subdomains. Just include these subdomains in the configuration file by their names:

 domains = example.org, www.example.org, sub.example.org, www.sub.example.org 

Then run certbot with the configuration file:

 certbot-auto -c config.ini 

You will need to verify ownership of each domain.

Learn more about the configuration file.

+5

I just went through the process of creating one Let's Encrypt certificate for several subdomains. There were some minor issues that I ran into and resolved. I posted a short article at the link below explaining the lessons learned from installing Let's Encrypt digital certificates on my Apache web server, which provides HTTP and HTTPS access to several subdomains.

My most important “lesson learned” is that you need to create a VirtualHost for HTTP access and a VirtualHost for each subdomain accessible via HTTPS. IMPORTANT: Each VirtualHost definition must be specified in one configuration file. The Let's Encrypt certificate will not work correctly if multiple virtual hosts are defined in the same configuration file. I defined three (3) VirtualHosts in the three (3) different configuration files below. The dummy.conf file does not perform any functional tasks in Apache (that is, it will not call an unnecessary 999 listening port), but it is absolutely essential that digital certificates be successfully generated using certbot Let's Encrypt.

Web server configuration

Then you can run the following command to create the certificate:

 certbot certonly -d example.com -d www.example.com 

https://www.hueyise.com/index.php/letsencrypt

+3

Let's Encrypt supports SSL wildcards / multiple subdomains starting February 27, 2018.

We introduced the public test API endpoint for the ACME v2 protocol and wildcard support on January 4, 2018. ACME v2 and wildcard support will be fully available on February 27, 2018.

Source: https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html

+1

Wildcard domains are now supported by certbot (from version 0.22).

The domain must be verified using DNS (you will need to add an _acme-challenge.yourdomain.tld TXT record with a randomly generated value to your DNS records).

Example:

 certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d '*.example.pl' --manual --preferred-challenges dns-01 certonly 

0

Before wildcard support, I found it necessary to explicitly specify each domain in the certificate in the form

 -d example.com -d www.example.com -d blog.example.com -d www.blog.example.com 

(that due to the difficulties in odd connection of the forwarded domains I use the best authentication work --webroot).

Thanks to Trojan's description and documentation here:

https://certbot.eff.org/docs/install.html?highlight=wildcard

I managed to create the wildcard certificates that are now live. Unfortunately, there is no plug-in for EasyDNS.com yet, so I had to perform a manual check (for example, Trojans saved this day). With this approach, I was able to generate a certificate in the form

 -d *.example.com -d example.com -d *.blog.example.com 

Since (for example's sake) blog.example.com was already included with the *.example.com wildcard, I needed to add a template for *.blog.example.com. In fact, certbot does not allow redundancy (complained if I tried to include both *.example.com and www.example.com).

Currently plugins are available:

https://certbot.eff.org/docs/using.html#dns-plugins

At the time of this writing, they included these DNS providers:

  • certbot-dns-cloudflare
  • certbot-dns-cloudxns
  • certbot-dns-digitalocean
  • certbot-dns-dnsimple
  • certbot-dns-dnsmadeeasy
  • certbot-dns-google
  • certbot-dns-luadns
  • certbot-dns-nsone
  • certbot-dns-rfc2136
  • certbot-dns-route53

Maybe I'll take a look at the weekend and see how difficult it is to write a plugin for my own DNS provider.

0
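
An added example, not part of any answer above and not certbot's own code: a Python check of a planned list of -d names against the hostnames a server actually serves. It applies the rule that a `*.zone` name matches exactly one extra leftmost label, and flags plain names that a wildcard in the same request already matches (the redundancy the last answer reports certbot complaining about). The function names and the host list are constructed for illustration.

```python
def normalize(name):
    """Lower-case a DNS name and drop surrounding space and a trailing dot."""
    return name.strip().rstrip(".").lower()


def wildcard_covers(wildcard, host):
    """True if '*.zone' matches host: exactly one label in place of '*'."""
    if not wildcard.startswith("*."):
        return False
    first, _, rest = host.partition(".")
    return bool(first) and first != "*" and rest == wildcard[2:]


def audit(requested, hosts):
    """Return (redundant, uncovered) for a planned list of -d names.

    redundant: plain requested names already matched by a requested wildcard
    uncovered: served hosts that no requested name would match
    """
    requested = [normalize(n) for n in requested]
    hosts = [normalize(h) for h in hosts]
    wildcards = [n for n in requested if n.startswith("*.")]
    redundant = [n for n in requested
                 if not n.startswith("*.")
                 and any(wildcard_covers(w, n) for w in wildcards)]
    uncovered = [h for h in hosts
                 if h not in requested
                 and not any(wildcard_covers(w, h) for w in wildcards)]
    return redundant, uncovered


# Constructed sample: the four hostnames used in the answers above.
HOSTS = ["example.com", "www.example.com",
         "blog.example.com", "www.blog.example.com"]

if __name__ == "__main__":
    plans = (
        ["*.example.com"],
        ["*.example.com", "www.example.com", "example.com"],
        ["*.example.com", "example.com", "*.blog.example.com"],
    )
    for plan in plans:
        redundant, uncovered = audit(plan, HOSTS)
        print(plan, "| redundant:", redundant, "| uncovered:", uncovered)
```
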