How to use wildcard alt names with --domain flag? #352

Closed
opened 2025-12-29 01:23:35 +01:00 by adam · 3 comments

Originally created by @nh2 on GitHub (May 27, 2018).

Hi,

I've been using dehydrated's `--domain` CLI flag instead of `domains.txt`, and now want to also use wildcard certificates.

What is the `--domain` CLI flag equivalent of doing

```
service.example.com *.service.example.com
```

as explained on https://github.com/lukas2511/dehydrated/blob/10d4b98e7f1e2c5e0e5b16b0896aa7180e5a88f5/docs/domains_txt.md#wildcards ?

---
I've tried the following:

When I give `--domain '*.service.example.com'`, I get

```
ERROR: Please define a valid alias for your *.service.example.com wildcard-certificate.
```

which makes sense.

When I give `--domain 'service.example.com *.service.example.com'`, I get

```
 + Requesting authorization for *.service.example.com...
  + ERROR: An error occurred while sending post-request to https://acme-staging.api.letsencrypt.org/acme/new-authz (Status 400)

Details:
HTTP/1.1 100 Continue
Expires: Sun, 27 May 2018 14:15:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 129
Boulder-Requester: 3059337
Replay-Nonce: Naad93U-smxcpae2dpp8mx4WxnfDTymk_3IgLrny3lY
Expires: Sun, 27 May 2018 14:15:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 27 May 2018 14:15:52 GMT
Connection: close

{
  "type": "urn:acme:error:malformed",
  "detail": "Error creating new authz :: Wildcard names not supported",
  "status": 400
}
```

Thanks!

adam closed this issue 2025-12-29 01:23:35 +01:00

@nh2 commented on GitHub (May 27, 2018):

Uh, now I'm confused. Looks like I get `Error creating new authz :: Wildcard names not supported` even when using `domains.txt` instead of `--domain` flags, with this `domains.txt`:

```
service.example.com *.service.example.com
```

and invocation `dehydrated --config config --cron --challenge dns-01 --hook route53.py`. What am I missing?


@nh2 commented on GitHub (May 27, 2018):

Ah, never mind, I had a stray

```
CA="https://acme-staging.api.letsencrypt.org/directory"
```

in my config when it should have been the following to use ACMEv2 for wildcard cert support:

```
CA="https://acme-staging-v02.api.letsencrypt.org/directory"
```

So `--domain 'service.example.com *.service.example.com'` seems to work now.

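A preflight check that encodes the two failures in this thread (a wildcard as the only name with no alias, and a wildcard requested against the ACMEv1 `CA` URL), added here as an example and not part of the issue or of dehydrated itself; it assumes dehydrated's `name > alias` domains.txt syntax and the Let's Encrypt `-v02` directory naming.

```sh
# Preflight check for one dehydrated certificate line (a domains.txt line or a
# --domain value), mirroring the two failures seen in this thread.
# Constructed example, not dehydrated's own code. Assumes dehydrated's
# "name > alias" domains.txt syntax for naming a wildcard-only certificate.
ACME_V2_STAGING="https://acme-staging-v02.api.letsencrypt.org/directory"

# check_cert_line LINE CA_URL
# Prints one diagnostic per problem; returns 0 when the line should be accepted.
check_cert_line() {
    line=$1; ca=$2; rc=0; cert_alias=""
    case $line in
        *">"*)  # optional "> alias" suffix names the certificate directory
            cert_alias=$(printf '%s' "${line#*>}" | tr -d ' ')
            line=${line%%">"*} ;;
    esac
    set -f                      # no globbing while splitting names on whitespace
    set -- $line
    set +f
    [ $# -gt 0 ] || { echo "empty certificate line"; return 1; }
    first=$1; has_wildcard=0
    for n in "$@"; do
        case $n in
            '*.'*) has_wildcard=1
                   case ${n#\*.} in *'*'*) echo "bad wildcard '$n': only the leftmost label may be '*'"; rc=1 ;; esac ;;
            *'*'*) echo "bad wildcard '$n': only the leftmost label may be '*'"; rc=1 ;;
        esac
    done
    # Failure 1 from the thread: a line whose first name is a wildcard has no
    # usable directory name, so dehydrated asks for an alias.
    if [ -z "$cert_alias" ]; then
        case $first in
            '*.'*) echo "first name '$first' is a wildcard: put a plain name first or add '> alias'"; rc=1 ;;
        esac
    fi
    # Failure 2 from the thread: the ACMEv1 endpoint answers "Wildcard names not
    # supported". Let's Encrypt-specific heuristic: its v2 directory URLs contain "-v02.".
    if [ "$has_wildcard" -eq 1 ]; then
        case $ca in
            *-v02.*) ;;
            *) echo "CA '$ca' is not an ACMEv2 directory; use e.g. $ACME_V2_STAGING"; rc=1 ;;
        esac
    fi
    return $rc
}
```

Run it over each domains.txt line (or each `--domain` value) together with the `CA` value from your config before invoking dehydrated in `--cron` mode.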

@TyrfingMjolnir commented on GitHub (Jul 6, 2020):

Should I be able to put in `/opt/local/etc/dehydrated/domains.txt`

```
domain.tld *.domain.tld
```

to have a cert for all subdomains? Or does this approach only work for sub-sub-domains?

Reference: starred/dehydrated#352