Wildcard certificate for Subdomains?

I am in a situation where I have to use HTTPS (Chrome decided to stop getUserMedia over HTTP).

The question is, is it possible to assign wildcard domains? Here are a few of my sites:

  1. test.nfgold.me
  2. slave.nfgold.me
  3. *.nfgold.me

Currently without using HTTPS, I have the following configuration in my nginx:

server {
    server_name *.nfgold.me;
    charset utf-8;

    .....
}

And this works without fail.

I have used Let's Encrypt in a few of my projects, but it does not seem to support wildcards?

I tried the following config and it does not work:

server {
        server_name .nfgold.me;
        rewrite ^ https://*.nfgold.me$request_uri? permanent;
    }

server {
        server_name .nfgold.me;
        rewrite ^ https://*.nfgold.me$request_uri? permanent;
    }

server {
    listen 443;
    server_name *.nfgold.me;
    charset utf-8;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/nfgold.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nfgold.me/privkey.pem;
    ....
    }

Is there an alternative for this?

There are 3 answers

2
Steffen Ullrich On BEST ANSWER

Is there an alternative for this? Any suggestion.

While Let's Encrypt does not give you wildcard certificates[1], you can have a certificate with multiple subdomains. From their FAQ:

Can I get a certificate for multiple domain names (SAN certificates or UCC certificates)?

Yes, the same certificate can contain several different names using the Subject Alternative Name (SAN) mechanism.

And of course you can shop for a wildcard certificate elsewhere, i.e. many CAs offer these.


[1] Starting with 01/2018 you can also get wildcard certificates from Let's Encrypt.

0
Roger Camargo On

I've tried to create a detailed post explaining how to create a wildcard certificate. I hope this post can help:

sudo certbot certonly \
  --cert-name mydomain.com \
  --dns-digitalocean \
  --dns-digitalocean-credentials ~/.secrets/do_token.ini \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d "*.mydomain.com" \
  -d mydomain.com \
  -i nginx

The details can be found here: https://huogerac.hashnode.dev/add-wildcard-https-on-digital-ocean-using-certbot-ubuntu-20-nginx-cko511nxv04in83s15uxxbeea

0
Luis Lopez On

Try this for wildcard subdomains on Let's Encrypt; use DNS verification.

# Quote the wildcard so the shell cannot glob-expand it
sudo certbot -d "*.example.com" --manual --preferred-challenges dns certonly

After this, you have to manually add the certificate routes to your server block.
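
What the server blocks could look like for the question's domain once a wildcard certificate exists, as an added example that is not part of the question or of any answer. It assumes the certificate was issued for both `*.nfgold.me` and `nfgold.me` (the second answer's command requests a wildcard and the bare domain the same way) and lives at the paths the question already uses.

```nginx
# Added example, not from the original posts.
# Assumption: /etc/letsencrypt/live/nfgold.me/ holds a certificate whose
# SAN list contains *.nfgold.me and nfgold.me.

# Port 80: send every host under nfgold.me to HTTPS on the same name.
server {
    listen 80;
    server_name .nfgold.me;      # matches nfgold.me and any subdomain

    # $host is the name the client requested. The question's rewrite put a
    # literal "*" in the target, and nginx sends that "*" verbatim in the
    # Location header, so the browser is pointed at an invalid host name.
    return 301 https://$host$request_uri;
}

# Port 443: a single server block serves all subdomains with one certificate.
server {
    listen 443 ssl;              # "ssl on;" is deprecated in favour of this
    server_name .nfgold.me;
    charset utf-8;

    ssl_certificate     /etc/letsencrypt/live/nfgold.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nfgold.me/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # A wildcard matches exactly one label: *.nfgold.me covers
    # test.nfgold.me but not nfgold.me itself or a.b.nfgold.me.
    # Clients get a certificate name mismatch for any host that
    # server_name accepts but the certificate's SAN list does not cover.

    # ... remaining site configuration as in the plain-HTTP server block ...
}
```

Run `nginx -t` before reloading to confirm the configuration parses.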