LetsEncrypt certificate for nested wildcard subdomain
The CertBot error you're seeing is accurate - SSL certificates are only valid for one domain layer - for example *.domain.com or *.fr.domain.com or *.example.domain.com. More information - specifically the RFC quote - is in this SF answer.
If you need subdomains of subdomains, you will need to create wildcards for each individual subdomain.
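The one-label rule from the answer above, as an added Python example (not part of the original answer and not CertBot's code): it checks a wildcard name against hostnames and derives which wildcard names a set of hosts needs. The hostnames are constructed samples, and the function names are assumptions of this sketch.

```python
def _labels(name: str) -> list:
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """True if the certificate name `pattern` covers `hostname`.

    Only "*" as the entire left-most label is treated as a wildcard, and it
    stands for exactly one label: it never spans a dot.
    """
    p, h = _labels(pattern), _labels(hostname)
    if any("*" in label for label in p[1:]):
        # e.g. *.*.domain.com: a wildcard below the left-most label is invalid
        raise ValueError(f"wildcard outside left-most label: {pattern}")
    if len(p) != len(h):
        return False  # label counts must agree, so nested hosts never match
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def names_needed(hostnames) -> list:
    """Wildcard names required to cover every hostname in `hostnames`.

    The only wildcard that can cover a host is "*." plus its parent domain,
    so hosts sharing a parent collapse into a single wildcard name.
    """
    needed = set()
    for host in hostnames:
        labels = _labels(host)
        if len(labels) < 2:
            raise ValueError(f"no parent domain to wildcard: {host}")
        needed.add("*." + ".".join(labels[1:]))
    return sorted(needed)


# Constructed sample hostnames (not taken from the page)
SAMPLE_HOSTS = [
    "fr.domain.com",
    "it.fr.domain.com",
    "de.fr.domain.com",
    "it.example.domain.com",
]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        print(f"*.domain.com covers {host}: {wildcard_matches('*.domain.com', host)}")
    print("wildcard names needed:", names_needed(SAMPLE_HOSTS))
```
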
Ilya Cherevkov
Updated on September 18, 2022
Comments
-
Ilya Cherevkov almost 2 years
I've generated a Let's Encrypt wildcard certificate for my domain *.domain.com. I thought this certificate is valid for any nested subdomain *.*.domain.com, like it.*.domain.com or fr.*.domain.com. But browsers are giving me an error that the wildcard certificate was issued for domain.com, and not for *.domain.com. I've tried to issue a new certificate for *.*.domain.com with CertBot and it's giving me an error (multiple wildcards not allowed).
Is it possible to achieve this, or do I have to manually issue wildcard certificates for each 1st level subdomain?
-
Ilya Cherevkov about 4 years
That's unfortunate, so I need to generate 20 wildcard certificates :(
-
ObiwanKeTobi about 4 years
I'd personally question the logic of your DNS structure - most implementations tend to use hyphens or URL-rewriting to separate locales for precisely this reason. For example: domain.com/uk or uk.domain.com or store-uk.domain.com.
-
Ilya Cherevkov about 4 years
It depends on the site type. I found out that for content sites it makes sense to create numerous region-oriented subdomains like lang.theme_category.domain.com for better search engine indexing purposes.
-
Ilya Cherevkov about 4 years
Because each combination is considered a different resource, which affects indexing frequency. In contrast, domain.com/theme_category/lang/ is considered one resource, so you get fewer bot scans by a factor of langs * categories.
-
ObiwanKeTobi about 4 years
Each combination is not a separate site - source1 / source2. Using subdomains like this will harm SEO, not help it. A better strategy would be theme.domain.com/lang, or even better would be to use the correct localised domain - for example domain.fr or domain.de or domain.it if you have the commercial clout to do so.