Home / server / Questions / 1012218
Accepted
Basj
Asked: 2020-04-15 01:23:42 +0800 CST

Letsencrypt for all subdomains *.example.com [duplicate]

  • 772

I'd like to obtain one certificate working for all my subdomains *.example.com.

This works: 

certbot-auto certonly --webroot --webroot-path /home/www/example/ --domain example.com 
                                --domain www.example.com --email [email protected]

but this (with *.):

certbot-auto certonly --webroot --webroot-path /home/www/example/ --domain example.com 
                                --domain *.example.com --email [email protected]

fails with:

Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

How to use certbot-auto to generate a certificate for *.example.com?

https ssl-certificate certbot lets-encrypt

1 Answers

  1. Best Answer

    As mentioned in a comment, the solution is to use DNS challenge validation, like here: How to use Let's Encrypt DNS challenge validation?.

    First remove your previous certificate (if needed) with:

    certbot-auto delete

    Then generate a new certificate with a DNS challenge:

    certbot-auto -d *.example.com -d example.com --manual --preferred-challenges dns certonly

    Then copy/paste the TXT challenge, into your DNS settings, something like:

    _acme-challenge.example.com TXT Chs768564536576SDGdG6SQDYTZAEq

    Restart apache if needed, and it works.

    PS: in my case, no installation of an authenticator plugin was needed (is it probably installed out of the box?)

    • 11