go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License

Wildcard certs are not generated, dns-01 resolver error. #655

Closed atomicus closed 5 years ago

atomicus commented 6 years ago

Hi, so lego works for my domains test.app.example.com and app.example.com, but not for *.app.example.com.

Everything is set up identically on DNS provider side (*.app.example.com, app.example.com point to the same).

I'm running the command as:

~# ./lego -d=*.app.example.com --email=test@example.com -a run

Results in:

2018/10/01 16:00:25 [INFO][*.app.example.com] acme: Obtaining bundled SAN certificate
2018/10/01 16:00:26 [INFO][*.app.example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/...
2018/10/01 16:00:26 [INFO][app.example.com] acme: Could not find solver for: dns-01
2018/10/01 16:00:26 Could not obtain certificates
    acme: Error -> One or more domains had a problem:
[app.example.com] [app.example.com] acme: Could not determine solvers
atomicus commented 6 years ago

A question too, as it's not stated clearly (or I did not find it). Do wildcard domains work only with the DNS challenge (which in fact requires a plugin, or manual TXT entries), or should they also work with the well-known (http) type of auth?

ldez commented 6 years ago

@atomicus Hello, which DNS providers are you using?

Wildcard certificates are only available with the DNS challenge; it's a constraint imposed by Let's Encrypt.

# Manual
./lego -d=*.app.example.com --dns manual --email=test@example.com -a run

# with cloudflare
./lego -d=*.app.example.com --dns cloudflare --email=test@example.com -a run

$ ./lego dnshelp
Credentials for DNS providers must be passed through environment variables.

Here is an example bash command using the CloudFlare DNS provider:

  $ CLOUDFLARE_EMAIL=foo@bar.com \
    CLOUDFLARE_API_KEY=b9841238feb177a84330febba8a83208921177bffe733 \
    lego --dns cloudflare --domains www.example.com --email me@bar.com run

Valid providers and their associated credential environment variables:

    acme-dns:   ACME_DNS_API_BASE, ACME_DNS_STORAGE_PATH
    alidns:     ALICLOUD_ACCESS_KEY, ALICLOUD_SECRET_KEY
    azure:      AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_RESOURCE_GROUP
    auroradns:  AURORA_USER_ID, AURORA_KEY, AURORA_ENDPOINT
    bluecat:    BLUECAT_SERVER_URL, BLUECAT_USER_NAME, BLUECAT_PASSWORD, BLUECAT_CONFIG_NAME, BLUECAT_DNS_VIEW
    cloudxns:   CLOUDXNS_API_KEY, CLOUDXNS_SECRET_KEY
    cloudflare: CLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY
    digitalocean:   DO_AUTH_TOKEN
    dnsimple:   DNSIMPLE_EMAIL, DNSIMPLE_OAUTH_TOKEN
    dnsmadeeasy:    DNSMADEEASY_API_KEY, DNSMADEEASY_API_SECRET
    duckdns:    DUCKDNS_TOKEN
    exoscale:   EXOSCALE_API_KEY, EXOSCALE_API_SECRET, EXOSCALE_ENDPOINT
    gandi:      GANDI_API_KEY
    gandiv5:    GANDIV5_API_KEY
    gcloud:     GCE_PROJECT, GCE_SERVICE_ACCOUNT_FILE
    glesys:     GLESYS_API_USER, GLESYS_API_KEY
    hostingde:  HOSTINGDE_API_KEY, HOSTINGDE_ZONE_NAME
    iij:        IIJ_API_ACCESS_KEY, IIJ_API_SECRET_KEY, IIJ_DO_SERVICE_CODE
    linode:     LINODE_API_KEY
    linodev4:   LINODE_TOKEN
    lightsail:  AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, DNS_ZONE
    manual:     none
    namecheap:  NAMECHEAP_API_USER, NAMECHEAP_API_KEY
    namedotcom: NAMECOM_USERNAME, NAMECOM_API_TOKEN
    netcup:     NETCUP_CUSTOMER_NUMBER, NETCUP_API_KEY, NETCUP_API_PASSWORD
    nifcloud:   NIFCLOUD_ACCESS_KEY_ID, NIFCLOUD_SECRET_ACCESS_KEY
    rackspace:  RACKSPACE_USER, RACKSPACE_API_KEY
    rfc2136:    RFC2136_TSIG_KEY, RFC2136_TSIG_SECRET,
            RFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER
    route53:    AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, AWS_HOSTED_ZONE_ID
    dyn:        DYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD
    vegadns:    SECRET_VEGADNS_KEY, SECRET_VEGADNS_SECRET, VEGADNS_URL
    vultr:      VULTR_API_KEY
    ovh:        OVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY
    pdns:       PDNS_API_KEY, PDNS_API_URL
    dnspod:     DNSPOD_API_KEY
    otc:        OTC_USER_NAME, OTC_PASSWORD, OTC_PROJECT_NAME, OTC_DOMAIN_NAME, OTC_IDENTITY_ENDPOINT
    sakuracloud:    SAKURACLOUD_ACCESS_TOKEN, SAKURACLOUD_ACCESS_TOKEN_SECRET
    exec:       EXEC_PATH, EXEC_MODE

For a more detailed explanation of a DNS provider's credential variables,
please consult their online documentation.
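As an added example (not lego's own code and not part of the issue thread), the following stand-alone Go program walks through the two points in ldez's reply and the dnshelp output: why a wildcard identifier has no usable solver unless a DNS provider is configured, and how the TXT record that the manual provider asks you to publish is derived from the ACME token and account key thumbprint (RFC 8555 sections 8.1 and 8.4). The token and thumbprint are constructed values, and ChallengeTypes, PickSolver, DNS01Record and VerifyDNS01 are this example's own names, not lego API.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// ChallengeTypes returns the ACME challenge types Let's Encrypt accepts for an
// identifier: a wildcard name can only be validated with dns-01, any other name
// with http-01 or dns-01 (tls-alpn-01 is omitted for brevity). The syntax
// checks are this example's own; lego and the CA reject bad names on their own.
func ChallengeTypes(domain string) ([]string, error) {
	if domain == "" || strings.HasPrefix(domain, ".") || strings.HasSuffix(domain, ".") ||
		strings.Contains(domain, "..") {
		return nil, fmt.Errorf("malformed identifier %q", domain)
	}
	if strings.HasPrefix(domain, "*.") {
		if strings.Contains(domain[2:], "*") {
			return nil, fmt.Errorf("wildcard only allowed as the leftmost label: %q", domain)
		}
		return []string{"dns-01"}, nil
	}
	if strings.Contains(domain, "*") {
		return nil, fmt.Errorf("wildcard only allowed as the leftmost label: %q", domain)
	}
	return []string{"http-01", "dns-01"}, nil
}

// PickSolver returns the first CA-accepted challenge type for which a solver is
// configured. With no DNS solver configured a wildcard has no usable solver,
// which is the "Could not find solver for: dns-01" failure seen in the issue.
func PickSolver(domain string, configured []string) (string, error) {
	allowed, err := ChallengeTypes(domain)
	if err != nil {
		return "", err
	}
	for _, a := range allowed {
		for _, c := range configured {
			if a == c {
				return a, nil
			}
		}
	}
	return "", fmt.Errorf("acme: Could not find solver for: %s", strings.Join(allowed, ", "))
}

// KeyAuthorization is token "." base64url(JWK thumbprint) (RFC 8555 section 8.1).
func KeyAuthorization(token, thumbprint string) string {
	return token + "." + thumbprint
}

// DNS01Record returns the TXT record a DNS provider (or you, with --dns manual)
// must publish: name _acme-challenge.<domain> with the wildcard label dropped,
// value base64url(SHA-256(key authorization)) without padding (RFC 8555 section
// 8.4). A wildcard and its base name therefore share one record name.
func DNS01Record(domain, token, thumbprint string) (name, value string) {
	base := strings.TrimPrefix(domain, "*.")
	sum := sha256.Sum256([]byte(KeyAuthorization(token, thumbprint)))
	return "_acme-challenge." + base, base64.RawURLEncoding.EncodeToString(sum[:])
}

// VerifyDNS01 mirrors the CA-side check: at least one TXT string at the
// challenge name must equal the expected value exactly.
func VerifyDNS01(txt []string, expected string) bool {
	for _, v := range txt {
		if v == expected {
			return true
		}
	}
	return false
}

func main() {
	// Constructed inputs: a token as the CA would issue it and an account key
	// thumbprint. Neither is a real Let's Encrypt value.
	token := "constructedToken0123456789abcdefghijklmnop"
	thumbprint := "constructedThumbprintABCDEFGHIJKLMNOPQRSTU"

	for _, d := range []string{"app.example.com", "*.app.example.com", "*..app.example.com"} {
		solver, err := PickSolver(d, []string{"http-01"}) // no --dns provider given
		fmt.Printf("%-20s without --dns: solver=%q err=%v\n", d, solver, err)
		solver, err = PickSolver(d, []string{"dns-01"}) // --dns manual or --dns cloudflare
		fmt.Printf("%-20s with    --dns: solver=%q err=%v\n", d, solver, err)
	}

	name, value := DNS01Record("*.app.example.com", token, thumbprint)
	fmt.Printf("publish: %s TXT %q\n", name, value)
	// Constructed zone answer: a stale record from an earlier run plus the fresh one.
	fmt.Println("valid:", VerifyDNS01([]string{"stale-value", value}, value))
}
```

Run it with `go run`; the third name shows that a mistyped identifier such as *..app.example.com is rejected before any challenge is attempted, while the wildcard only succeeds once a dns-01 solver is configured. Whatever provider you pick, the credentials in the environment variables listed by dnshelp can usually change any record in the zone, not just _acme-challenge, so keep them off shared hosts and scope them as narrowly as the provider allows.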