how to apply for wildcard certificate http method #1869

xianfeiqiang · 2023-03-14T10:31:51Z

xianfeiqiang
Mar 14, 2023

I got example.com through http and it works,
But *.example.com doesn't work

*.example only support dns type ?

docker run --rm        -v $PWD/lego:/.lego        -v /usr/share/nginx/html/acme-challenge:/acme        goacme/lego        --accept-tos        --email="[email protected]"        --http        --http.webroot="/acme" -d *.example.com     run

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2023/03/14 10:27:27 [INFO] [*.example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/210758200707
2023/03/14 10:27:27 [INFO] [*.example.com] acme: Could not find solver for: dns-01
2023/03/14 10:27:27 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/210758200707
2023/03/14 10:27:28 Could not obtain certificates:
	error: one or more domains had a problem:
[*.example.com] [*.example.com] acme: could not determine solvers

Answered by ldez

Mar 14, 2023

Hello,

you cannot, only the DNS-01 challenge is able to get a wildcard certificate.

It's not a lego limitation but a Let's Encrypt limitation.

View full answer

ldez · 2023-03-14T11:41:03Z

ldez
Mar 14, 2023
Maintainer

Hello,

you cannot, only the DNS-01 challenge is able to get a wildcard certificate.

It's not a lego limitation but a Let's Encrypt limitation.

1 reply

xianfeiqiang Mar 15, 2023
Author

thank you for answer

kolinfluence · 2023-06-19T22:28:55Z

kolinfluence
Jun 19, 2023

@ldez how to do wildcard letsencrypt then? i'm doing so, not sure how to enable wildcard letsencrypt for all subdomains

letsencryptCfg := &tls.Config{
	MinVersion:     tls.VersionTLS12,
	GetCertificate: certManager.GetCertificate,
	NextProtos: []string{
		"h2", "http/1.1", acme.ALPNProto,
	},
}

1 reply

ldez Jun 19, 2023
Maintainer

I think you are mixing several things: this question is about the HTTP01 challenge (how to obtain a wildcard certificate), not how to use a certificate on an HTTP connection.

As I said, with Let's Encrypt, to get a wildcard certificate, the DNS01 challenge must be used.
When you have obtained a wildcard certificate through the DNS01 challenge, you can use it as a normal certificate.

Your snippet is missing a lot of contexts, so the only thing that I can say is: the wildcard certificate must be provided by GetCertificate.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

how to apply for wildcard certificate http method #1869

{{title}}

Replies: 2 comments 2 replies

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

how to apply for wildcard certificate http method #1869

xianfeiqiang Mar 14, 2023

Replies: 2 comments · 2 replies

ldez Mar 14, 2023 Maintainer

xianfeiqiang Mar 15, 2023 Author

kolinfluence Jun 19, 2023

ldez Jun 19, 2023 Maintainer

xianfeiqiang
Mar 14, 2023

Replies: 2 comments 2 replies

ldez
Mar 14, 2023
Maintainer

xianfeiqiang Mar 15, 2023
Author

kolinfluence
Jun 19, 2023

ldez Jun 19, 2023
Maintainer