Multiple subdomains with lets encrypt

Prior to support for wildcards I found it necessary to explicitly list each domain on a certificate in the form

… -d example.com -d www.example.com -d blog.example.com -d www.blog.example.com …

(which due to complexities in the odd mix of redirected domains I’m using worked best with the –webroot authentication).

Thanks to Trojan’s explanation and documentation here:

https://certbot.eff.org/docs/install.html?highlight=wildcard

I was able to generate wildcard certs that are live now. Unfortunately there is not a plugin for EasyDNS.com yet, so I had to perform manual validation (Where Trojans example saved the day). With this approach I was able to generate a certificate in the form

… -d *.example.com -d example.com -d *.blog.example.com …

Since (for example’s sake) blog.example.com was already covered by the *.example.com wildcard, I only had to add the wildcard for *.blog.example.com. In fact certbot would not allow redundancy (complained if I tried to include both *.example.com and www.example.com).

Currently available plug-ins are listed here:

https://certbot.eff.org/docs/using.html#dns-plugins

As of this writing they include these DNS providers:

  • certbot-dns-cloudflare
  • certbot-dns-cloudxns
  • certbot-dns-digitalocean
  • certbot-dns-dnsimple
  • certbot-dns-dnsmadeeasy
  • certbot-dns-google
  • certbot-dns-luadns
  • certbot-dns-nsone
  • certbot-dns-rfc2136
  • certbot-dns-route53

Perhaps I’ll take a peek over the weekend and see how hard it is to write a plug-in for my own DNS provider.

Leave a Comment