certbot wildcard cert not a wildcard

Question

I did the following:

sh-3.2# certbot certonly --manual --preferred-challenges=dns --email admin@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.someDomainlab.com

and got results:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/someDomainlab.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/someDomainlab.com/privkey.pem
This certificate expires on 2022-08-16.
These files will be updated when the certificate renews.

however when i test wildcard based on This link, i get the following result:

CN=someDomainlab.com

which tells me its not wildcard. I did a dig on _acme-challenge.someDomainlab.com and that returned what certbot told me to add.

what am i missing?

edit:

in the ssl_error.log i see this line when i do the command to test:

[Wed May 18 12:52:23.763857 2022] [core:debug] [pid 7607] protocol.c(1447): [client 192.168.183.1:51660] AH00566: request failed: malformed request line

score 1 · Accepted Answer · answered May 18 '22 at 17:25

You need to quote the domain, so the shell doesn't try and expand the asterisk in *.someDomainlab.com. Use -d '*.someDomainlab.com' like this:

sh-3.2# certbot certonly --manual --preferred-challenges=dns --email admin@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.someDomainlab.com'

certbot wildcard cert not a wildcard

1 Answers1

Linked