fszlin / certes

A client implementation for the Automated Certificate Management Environment (ACME) protocol
MIT License

Wildcard certificate doesn't protect base domain #288

Closed engahmedtaha closed 2 years ago

engahmedtaha commented 2 years ago

A wildcard certificate for *.example.com is not valid for example.com. You need to add that name as well by specifying two -d flags to Certbot like:

./certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d "yii2.cc" -d "*.yii2.cc" --preferred-challenges=dns --manual certonly

That will give you a certificate with two names: yii2.cc and *.yii2.cc that will be valid for both the base domain and any first level subdomain.

webprofusion-chrisc commented 2 years ago

Thanks, but this is not an issue or bug related to certes, unless there is something wrong with documentation somewhere.

engahmedtaha commented 2 years ago

Yes, it is not a bug. Can we have something to protect the base domain at the same time? Or can we add SubjectAlternativeNames? Thank you.

webprofusion-chrisc commented 2 years ago

Yes, you write that yourself: just add all the names you need to your order. You will then need to complete authorizations for each identifier before you can finalize your order and download your cert.

var certificateIdentifiers = new List<Identifier> {
    new Identifier { Type = IdentifierType.Dns, Value = "*.example.com" },
    new Identifier { Type = IdentifierType.Dns, Value = "example.com" }
};

order = await _acme.NewOrder(certificateIdentifiers);

engahmedtaha commented 2 years ago

Works fine now. Thank you.
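The name-matching rule this thread turns on, as an added example (not part of the thread and not Certes code): a simplified matcher in which `*` stands for exactly one left-most label, run over constructed SAN lists. The function names are hypothetical, and the sketch ignores IDNA and IP-address SANs.

```python
"""Added example: left-most-label wildcard matching for dNSName SAN entries."""


def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one dNSName SAN entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        # "*" stands for exactly one label, so label counts must be equal.
        # This is why "*.example.com" covers neither "example.com"
        # nor "a.b.example.com".
        return False
    if p[0] == "*":
        # Only a whole left-most label may be a wildcard.
        return "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial wildcards such as "w*.example.com" are rejected here.
    return "*" not in pattern and p == h


def cert_covers(san_list: list[str], hostname: str) -> bool:
    """A certificate is valid for hostname if any SAN entry matches."""
    return any(san_matches(s, hostname) for s in san_list)


def coverage(san_list: list[str], hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to whether the SAN list covers it."""
    return {h: cert_covers(san_list, h) for h in hostnames}


# Constructed sample names, not taken from a real certificate.
HOSTS = ["example.com", "www.example.com", "a.b.example.com"]
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_AND_BASE = ["*.example.com", "example.com"]

if __name__ == "__main__":
    for sans in (WILDCARD_ONLY, WILDCARD_AND_BASE):
        print(sans, coverage(sans, HOSTS))
```

Deeper names such as a.b.example.com stay uncovered even with both entries; they need their own identifier in the order.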