0

How do I generate HTTPS for a wildcard?

server {
    server_name subdomain.domain.com www.subdomain.domain.com *.subdomain.domain.com  ~^(.*)\.subdomain\.domain\.com$;

}

Currently, for normal domains I generate certificates like this:

sudo certbot --nginx -d example.com
Rafael Augusto
  • I am not sure how exactly to modify your command to reformulate it as a correct answer, so I'll just comment, but recently I followed this tutorial and it worked like a charm: https://medium.com/@saurabh6790/generate-wildcard-ssl-certificate-using-lets-encrypt-certbot-273e432794d7 – Tarmo May 26 '20 at 18:08
  • https://letsencrypt.org/docs/faq/#does-let-s-encrypt-issue-wildcard-certificates – Richard Smith May 26 '20 at 18:36

3 Answers

1

For a wildcard, just add another entry with *

sudo certbot --nginx -d '*.example.com' -d example.com

You can further refer here: Let's Encrypt: Wildcard Certificate With Certbot

Abhishek J
  • This comment will work (i.e. return without an error) but it will not issue a wildcard certificate. Instead, if you were to have, say: server_name example.com test.example.com test2.example.com, it will make it so it's just doing those three and saving you time from having to write them all out separately; it will not, however, do a true wildcard allowing you to proactively have SSL on test3.example.com etc. DNS is required for that. – conrad10781 Nov 28 '22 at 16:21
1

I used the following to generate a wildcard certificate and it worked like a charm. Here we are doing a DNS challenge, hence you should have access to your DNS to make entries that will be read while creating the certificate.

sudo certbot certonly --manual -d '*.example.com' -d example.com \
--email admin@example.com --agree-tos \
--preferred-challenges dns-01 \
--server https://acme-v02.api.letsencrypt.org/directory

Hope this information will help you.

Abhijit
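The DNS entries mentioned in the answer above, worked through as an added example (not part of the original post and not Certbot's code): how an ACME dns-01 TXT record name and value are derived per RFC 8555, and why requesting both *.example.com and example.com needs two TXT values under one record name. The tokens and the account-key thumbprint are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib

# Constructed sample values: a real token comes from the ACME server and the
# thumbprint is the RFC 7638 JWK thumbprint of your ACME account key.
SAMPLE_THUMBPRINT = "constructed-account-key-thumbprint"
SAMPLE_ORDER = {"*.example.com": "constructed-token-1", "example.com": "constructed-token-2"}


def dns01_record(identifier, token, thumbprint):
    """Return (TXT record name, TXT value) for one dns-01 challenge."""
    # The "*." label is dropped: a wildcard is validated at the base domain.
    base = identifier[2:] if identifier.startswith("*.") else identifier
    key_authorization = f"{token}.{thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    # base64url without padding, as ACME requires
    value = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return f"_acme-challenge.{base}", value


def txt_plan(order, thumbprint):
    """Group the TXT values that must exist at the same time by record name."""
    plan = {}
    for identifier, token in order.items():
        name, value = dns01_record(identifier, token, thumbprint)
        plan.setdefault(name, []).append(value)
    return plan


def covered(hostname, cert_name):
    """True if cert_name matches hostname; '*' stands for exactly one leftmost label."""
    host = hostname.lower().rstrip(".")
    cert_name = cert_name.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return host == cert_name
    head, _, rest = host.partition(".")
    return bool(head) and rest == cert_name[2:]


if __name__ == "__main__":
    for name, values in txt_plan(SAMPLE_ORDER, SAMPLE_THUMBPRINT).items():
        for value in values:
            print(f"{name}. TXT {value}")
    for host in ("test3.example.com", "example.com", "a.b.example.com"):
        print(host, "covered by *.example.com:", covered(host, "*.example.com"))
```

The coverage check shows why the commands above pass both -d '*.example.com' and -d example.com: the wildcard name alone does not match the bare domain or names two labels deep.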
0

With your command you are issuing a certificate via HTTP-Challenge. Let's Encrypt doesn't support issuing wildcard certificates via HTTP-Challenge.

Here is a link about challenge types supported by Let's Encrypt: https://letsencrypt.org/docs/challenge-types/

For wildcard certs you need to issue the certs via DNS-Challenge. Therefore you need API access to your hosting provider or dynamic DNS provider. Certbot offers plugins for some of them; here is a link to the Certbot DNS plugins site: https://certbot.eff.org/docs/using.html#dns-plugins

If your provider isn't listed you can't issue wildcard certs with Certbot. There are some other tools which support DNS-Challenges for Let's Encrypt, like acme.sh; here is a link to the GitHub repository: https://github.com/acmesh-official/acme.sh

I hope I could help you with this information.

Bananenkönig