6

I've generated a Let's Encrypt wildcard certificate for my domain *.domain.com.

I thought this certificate is valid for any nested subdomain *.*.domain.com, like it.*.domain.com or fr.*.domain.com. But browsers are giving me an error that the wildcard certificate was issued for domain.com, and not for *.domain.com. I've tried to issue a new certificate for *.*.domain.com with CertBot and it's giving me an error (multiple wildcards not allowed).

Is it possible to achieve this, or do I have to manually issue wildcard certificates for each 1st level subdomain?

1 Answer

10

The CertBot error you're seeing is accurate - SSL certificates are only valid for one domain layer - for example *.domain.com or *.fr.domain.com or *.example.domain.com. More information - specifically the RFC quote - is in this SF answer.

If you need subdomains of subdomains, you will need to create wildcards for each individual subdomain.

Craig Watson
  • 9,790
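The single-label rule from the answer above, as an added example that is not part of the original question or answer: it checks hostnames against certificate names the way a TLS client does, then lists the wildcard names a set of nested hosts would need. The function names and the sample hostnames are assumptions made for illustration, and only a whole-label `*` is handled (partial wildcards such as `f*.domain.com` are treated as literals).

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name covers hostname (whole-label '*' only)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # '*' stands in for exactly one label, so both names need the same depth.
    if len(p) != len(h) or "" in h:
        return False
    # A wildcard is only honoured in the left-most label, so '*.*.domain.com'
    # never matches anything.
    if any("*" in label for label in p[1:]):
        return False
    # Everything to the right of the first label must match literally.
    if p[1:] != h[1:]:
        return False
    return p[0] == "*" or p[0] == h[0]


def names_needed(hostnames, apex):
    """Certificate names that together cover every hostname under apex."""
    names = set()
    for host in hostnames:
        labels = host.lower().rstrip(".").split(".")
        if ".".join(labels) == apex:
            names.add(apex)  # the bare domain needs its own entry
        else:
            # Replace the left-most label with '*': one wildcard per parent.
            names.add("*." + ".".join(labels[1:]))
    return sorted(names)


if __name__ == "__main__":
    # Constructed sample hostnames under the question's placeholder domain.
    hosts = ["domain.com", "fr.domain.com", "it.fr.domain.com", "en.it.domain.com"]
    for host in hosts:
        print(host, "covered by *.domain.com:", wildcard_matches("*.domain.com", host))
    print("names to request:", names_needed(hosts, "domain.com"))
```
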