I have successfully installed letsencrypt certificates using certbot for my domain and a few subdomains. These are all working fine.
Now I want to obtain a certificate for a wildcard subdomain, so that any subdomain I use, e.g. https://abc.domain.com, will work.
I have followed this help here
but I’ve not done the last step, which is:
./acme.sh --issue --dns dns_linode_v4 -d example.com -d '*.example.com' --dnssleep 900
What I am in doubt about now is this:
Do I have to delete the existing certificates which were done for the subdomains earlier, since I am generating a wildcard subdomain certificate?
If yes, how?
If yes also, do I perform number 1 here first before running that acme command above, or run it before deleting the existing certificate?
After obtaining the certificate, will I replace what is currently being used in the SSL interface on Virtualmin?
I am a newbie, so a lot of things are still confusing.
Please don’t get tired of me.
Just use Webmin to manage your DNS rather than your registrar’s DNS. This does get the wildcard cert issued, but why do you need a wildcard cert? That is the question.
Using Webmin/Virtualmin, I have not been able to get Let’s Encrypt to issue wildcard certs… It keeps giving me one error or the other.
I only managed to get success when I do it via terminal.
I need a wildcard cert because I have built a ternary application whereby each user has a subdomain, e.g. jim.domain.com.
Now I want to provision SSL for such subdomains, cos they are created dynamically by the users.
If that’s the case, research BIND, as your nameservers need to be on a Webmin instance. I use two independent Webmin servers and cluster them; however, @stefan1959 has better luck than I do using a single DNS server. When you use certbot you have to add a record to DNS before the cert is issued. Webmin can do this automatically, but in order to do that Webmin must manage the DNS records.
So, how do I go about this wildcard certificate using certbot and/or acme.sh, considering that I have used certbot to provision for the main domain and some subdomains already?
You don’t need a wild card for that. Every virtual server you create will have its own SSL cert upon creation, including any sub-server.
Just make sure before you create a sub-server that you have an A record, including AAAA if needed, set up for it in your DNS server first. This way things go smoothly…
You shouldn’t have to do that; perhaps this was a result of your DNS entries not being set correctly the first time. Now that you are familiar with your DNS provider, all records are set up accordingly and you have the DNS feature turned off on your Virtualmin server, all should work within Virtualmin when creating a Let’s Encrypt cert.
Now in your application, when your users sign up, they get a subdomain URL. Meaning that cyberndt signs up and gets cyberndt.example.com, because I have configured a CNAME record to allow *.example.com.
So how do I provision SSL for any of these additional subdomains created?
I see, and I understand… You would have to read up on what commands to use for acme.sh, which I believe would be the one to use.
You need to run a command that would give you TXT entries to put into your DNS records, so they can validate it is your Domain, that is the only way they will issue you a wildcard…
When I was using Cloudflare, I didn’t even have this issue at all. I just add the CNAME record to allow wildcard *.domain.com.
But now that I am no longer using Cloudflare, I want to be able to allow any subdomain to have SSL enabled. I just need https on the browser, that’s all.
I believe there is a solution for this on Ubuntu, maybe not on Virtualmin.
Please correct me if I am wrong.
As stated a few times now, you need to have Virtualmin/Webmin manage your DNS; everything will work if you do that. If you’re not comfortable about changing DNS to Virtualmin/Webmin, just run certbot manually to request the certificate, insert the code that certbot gives you into a DNS TXT record, then press continue within the certbot program. You will have to remember to manually renew the cert also. I seem to remember a few posts ago you had already done that.
Yes, I got this. But will I have to remove the previous certificates on the existing subdomains before issuing the wildcard certificates which will cover all subdomains?
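An added example, not part of the thread and not certbot, acme.sh or Virtualmin code: it checks which hostnames the two names from the acme.sh request above actually cover, and at which _acme-challenge TXT record name DNS validation looks for each of them. The function names and the host www.abc.example.com are assumptions made for the illustration.

```python
# Added example (not from the thread). Certificate and host names reuse the
# thread's placeholders; www.abc.example.com is constructed for the demo.

def covers(cert_name, host):
    """True if one certificate name (exact or '*.' wildcard) matches host."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False  # a wildcard stands for exactly one label, never zero or two
    if cert_labels[0] == "*":
        return host_labels[0] != "" and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def uncovered(cert_names, hosts):
    """Hosts that no name on the certificate matches."""
    return [h for h in hosts if not any(covers(n, h) for n in cert_names)]


def challenge_records(cert_names):
    """Map each DNS-01 TXT record name to the certificate names validated there."""
    records = {}
    for name in cert_names:
        # For a wildcard name the '*.' prefix is dropped before prepending
        # _acme-challenge, so it shares a record name with the bare domain.
        base = name[2:] if name.startswith("*.") else name
        records.setdefault("_acme-challenge." + base.lower(), []).append(name)
    return records


CERT_NAMES = ["example.com", "*.example.com"]          # as in the acme.sh command
HOSTS = ["example.com", "abc.example.com",
         "cyberndt.example.com", "www.abc.example.com"]  # last one is constructed

if __name__ == "__main__":
    print("not covered by both names:", uncovered(CERT_NAMES, HOSTS))
    print("not covered by wildcard alone:", uncovered(["*.example.com"], HOSTS))
    for record, names in challenge_records(CERT_NAMES).items():
        print(record, "needs", len(names), "TXT value(s) for", names)
```

Both names validate at the same _acme-challenge.example.com record, so a manual DNS run produces two TXT values that must both be present at that name.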
I have, but that said, it works optimally if you have 2 Webmin servers clustered. I don’t mind being the second DNS server. I have a dev server running which could do that, but as @stefan1959 has pointed out, you can do it with one server.
Oh no! not me… I would at least have to be running 2 separate DNS servers if I was going to do it…
Not only that, I have well over 180 some odd records on one domain alone that runs host names for our email servers. With both IPv4 and IPv6 entries… It would be a nightmare to have that run ground on only one DNS server…