How to add Letsencrypt wildcard to all subdomains

Discussion in 'Installation/Configuration' started by Erik T, Jan 8, 2021.

  1. Erik T

    Erik T New Member

    I am trying to include all subdomains in my letsencrypt certificate for a single domain. According to threads on this forum they should be added autuomatically using acme v02, but that is seemingly not the case for me.
    I am using certbot 0.28.0-1~deb9u3 on Debian 9.

    The renew file for the domain is included below:
    # renew_before_expiry = 30 days
    version = 0.28.0
    archive_dir = /etc/letsencrypt/archive/<domain>
    cert = /etc/letsencrypt/live/<domain>/cert.pem
    privkey = /etc/letsencrypt/live/<domain>/privkey.pem
    chain = /etc/letsencrypt/live/<domain>/chain.pem
    fullchain = /etc/letsencrypt/live/<domain>/fullchain.pem

    # Options used in the renewal process
    account = c48faf153accad0721c0759af4412db7
    authenticator = webroot
    webroot_path = /usr/local/ispconfig/interface/acme,
    server =
    rsa_key_size = 4096
    <aliasdomain1> = /usr/local/ispconfig/interface/acme
    <aliasdomain2> = /usr/local/ispconfig/interface/acme
    <aliasdomain3> = /usr/local/ispconfig/interface/acme
    <aliasdomain4> = /usr/local/ispconfig/interface/acme
    <domain> = /usr/local/ispconfig/interface/acme
    www.<domain> = /usr/local/ispconfig/interface/acme
    <aliasdomain5> = /usr/local/ispconfig/interface/acme
    <aliasdomain6> = /usr/local/ispconfig/interface/acme
    space.<domain> = /usr/local/ispconfig/interface/acme
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Erik T likes this.
  4. Erik T

    Erik T New Member

  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Not in the near future, I think. May be 3.3 or above as we need to study changes in 3.2 and have the general structure acceptable by the key developers before we re-write and contribute the code for it.

    To note, Letsencrypt SSL certs issuance process is not a main concern as the needed features are already there and are working good, and as such, the enhancement of the same, will be a very low priority for now.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    No, as this would mean to implement custom setting forms for dozens of DNS providers as each provider handles it differently.

Share This Page