NGINX and certbot to certificate all *.domain.com and domain.com
Hi,
I'm using certbot on my NGINX to generate my SSL certifications. Our site hosts SaaS software, for which we assign a subdomain to every one of our clients. That being said, I used the Linode API and certbot to handle my SSL certifications on my wildcard as follows:
# Redirect all plain-HTTP requests to HTTPS on the same host
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    # A leading dot matches both example.com and *.example.com
    server_name .example.com;
    location / {
        # Forward to the local application, passing WebSocket upgrade headers
        proxy_pass http://localhost:5500;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    # Certificate and key files managed by certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
This config works fine for my https://*.domain.com traffic. However, my https://domain.com has an SSL certification problem: NET::ERR_CERT_COMMON_NAME_INVALID.
What am I doing wrong?
If needed, the domain name is diosf.com
Thanks
1 Reply
jhartman
Linode Staff
As I understand it, your wildcard SSL Certificate only covers your subdomains, not the actual top-level domain (TLD). This StackExchange article goes into more detail, but essentially you will still need to generate an SSL cert for your TLD:
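
The name-matching rule behind this error, as an added example that is not part of the original thread: a wildcard SAN entry stands in for exactly one leftmost label, so `*.example.com` does not cover `example.com`, while a certificate listing both names does. The host lists below are constructed sample data using the placeholder domain from the nginx config, and the function names are hypothetical.

```python
"""Check which served hostnames a certificate's SAN list covers.

Added example: wildcard matching as browsers apply it (RFC 6125 rules),
restricted to whole-label wildcards such as "*.example.com".
"""


def san_matches(hostname: str, pattern: str) -> bool:
    """Return True if one dNSName SAN entry covers hostname."""
    host = hostname.rstrip(".").lower().split(".")
    pat = pattern.rstrip(".").lower().split(".")
    # A wildcard replaces exactly one label, so the label counts must be equal.
    # This is why "*.example.com" (3 labels) never matches "example.com" (2).
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Only the leftmost label may be a wildcard; the rest must match exactly.
        return host[0] != "" and host[1:] == pat[1:]
    return host == pat


def uncovered(hostnames, sans):
    """Return the hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames if not any(san_matches(h, s) for s in sans)]


# Constructed sample data (placeholder domain, hypothetical client names).
SERVED = ["example.com", "client1.example.com", "a.b.example.com"]
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_AND_APEX = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_AND_APEX)):
        print(f"{label}: not covered -> {uncovered(SERVED, sans)}")
```

The SAN list of a certificate on disk can be read with `openssl x509 -in fullchain.pem -noout -text` and passed to `uncovered()` together with every hostname the server block answers for.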