wmnnd/nginx-certbot

[Question] Wildcard subdomains

abudiar opened this issue · 3 comments

So I have this set up and working for normal domains. But for the life of me I can't seem to get wildcard subdomain certificates. I simply can't figure out how to include the DNS plugins with the certbot on the init script.

Anyone have any experience with creating wildcard subdomain certificates with this repo?
Am I even going the correct direction, or am I looking at this in the wrong way?

Thanks!

mpldr commented

This repo uses verification by webserver. To my knowledge, wildcard certs are only possible with DNS authenticators.

This might be helpful: https://community.letsencrypt.org/t/wildcard-domain-step-by-step/58250/4

I am not sure how auto-renewal works with DNS though.

Did you solve the problem with installing the certificate on the subdomain?

I managed to get DNS verification working like so (for Cloudflare):

Follow these docs (specifically the part about getting a Cloudflare token):
https://certbot-dns-cloudflare.readthedocs.io/en/stable/

In your docker composer use the image called certbot/dns-cloudflare instead of certbot/certbot

Then, replace the cert issuing command with the following (you'll have to create cf.ini per the docs above):

```sh
certbot certonly \
  $staging_arg \
  $email_arg \
  -d $domain \
  --rsa-key-size $rsa_key_size \
  --no-eff-email \
  --agree-tos \
  --force-renewal \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/cf.ini \
  --dns-cloudflare-propagation-seconds 30
```

Regards,
Francisco Hodge
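
The cf.ini step in the comment above, as an added example that is not part of the thread or the repo's own script: it writes the Cloudflare token file with owner-only permissions, checks it before certbot is run, and builds the `-d` arguments for a wildcard plus the apex domain (a wildcard certificate does not cover the apex). The function names and the idea of calling them from the init script are assumptions.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the dns_cloudflare_api_token
# key is the one documented by the certbot-dns-cloudflare plugin.

# Write the credentials file so the token is never group/world readable.
# umask covers a newly created file; chmod covers a file that already existed.
write_cf_credentials() {
  path=$1
  token=$2
  ( umask 077 && printf 'dns_cloudflare_api_token = %s\n' "$token" > "$path" )
  chmod 600 "$path"
}

# Return 0 only if the file is a regular file (not a symlink), is readable
# by the owner alone, and contains a token line.
check_cf_credentials() {
  path=$1
  [ -f "$path" ] || return 1
  [ ! -L "$path" ] || return 1
  # GNU stat first, BSD stat as a fallback.
  mode=$(stat -c '%a' "$path" 2>/dev/null || stat -f '%Lp' "$path") || return 1
  case $mode in
    600|400) ;;
    *) return 1 ;;
  esac
  grep -q '^dns_cloudflare_api_token[[:space:]]*=' "$path"
}

# Print "-d example.com -d *.example.com" for one base domain.
# If the result is expanded unquoted in a command line, disable globbing
# first (set -f) so the shell does not expand the "*".
wildcard_domain_args() {
  printf -- '-d %s -d *.%s' "$1" "$1"
}
```

Mount the directory holding cf.ini into the certbot/dns-cloudflare container at the path passed to `--dns-cloudflare-credentials`, and keep the file out of version control.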