Tags: amazon-web-services, amazon-ec2, amazon-route53, wildcard-subdomain, certbot

AWS Let's Encrypt wildcard certificate


I'm trying to create an HTTPS wildcard certificate for all my subdomains, *.booda.me.

My server is hosted on Amazon web services on an “Amazon Linux AMI”.

When I run certbot with this command: letsencrypt certonly --manual --preferred-challenges dns --register -d mydomain.me -d *.mydomain.me

I'm asked to create an _acme-challenge "TXT" DNS record that contains a string. The certificates are validated with the confirmation message for "mydomain.me" and "*.mydomain.me".

I can also see my certificates by running: certbot certificates

When I validate the first DNS "TXT" I wait a few minutes for propagation. Then I update the second DNS "TXT" for the wildcard by modifying the first one, because AWS does not let me add a second "_acme-challenge.mydomain.me". But I do not think that could be the problem…

On the other hand, when I go to https://mydomain.me it works, but none of my subdomains pick up the Let's Encrypt certificate.

I get this error when I try to access a subdomain: https://formation.mydomain.me/logon.php


My httpd-le-ssl.conf configuration file looks like this:

<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName "mydomain.me"
ServerAlias "www.mydomain.me"
SSLCertificateFile /etc/letsencrypt/live/mydomain.me-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.me-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

I do not understand where it can come from. I made several attempts by choosing "(E)xpand" to update the certificates, but it does not work.

Where can it come from? I'm starting to despair…


Solution

  • I finally found the solution! On AWS it is possible to enter two "DNS TXT" values on a single _acme-challenge record, separated by a simple line break.

    So I was able to create a single Let's Encrypt certificate for mydomain.me and the wildcard.

    Then an alias was missing in my VHOST, which now looks like this:

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        DocumentRoot "/var/www/html"
        ServerName "mydomain.me"
        # Wildcard alias so every subdomain is served by this vhost (and its certificate)
        ServerAlias "*.mydomain.me"
    SSLCertificateFile /etc/letsencrypt/live/booda.me/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/booda.me/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
    </IfModule>


    Thank you all for your help! Subject resolved :)
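The two things that went wrong in this thread are both checkable before touching Apache: whether both challenge tokens are really published on the single _acme-challenge TXT record, and whether the issued certificate's SAN list actually covers the apex and the subdomains. The script below is an added example, not code from the original question or answer; it works offline on constructed dig and openssl output (the tokens and hostnames are made up), and the function names count_txt_values, txt_has_token, san_names, name_matches and cert_covers are mine. It also shows the general rule behind the answer: a wildcard SAN covers exactly one label, so *.mydomain.me covers formation.mydomain.me but neither mydomain.me nor a.b.mydomain.me, which is why both -d names were needed.

```shell
#!/bin/sh
# Added example (not from the original post). Two offline checks:
#  1. Before pressing Enter in certbot's manual DNS flow, confirm BOTH
#     tokens are published on the single _acme-challenge record.
#     Live input:  dig +short TXT _acme-challenge.mydomain.me
#  2. After issuance, confirm the certificate's SAN list covers the
#     hostnames you serve.
#     Live input:  openssl x509 -in /etc/letsencrypt/live/mydomain.me/fullchain.pem \
#                      -noout -ext subjectAltName
# Both inputs below are constructed samples; the tokens are made up.

# Constructed dig +short output: one record set holding two TXT values.
SAMPLE_TXT='"tokenFORapex0000000000000000000000000000000"
"tokenFORwildcard000000000000000000000000000"'

# Constructed openssl output for a certificate issued for apex + wildcard.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:mydomain.me, DNS:*.mydomain.me'

# count_txt_values: number of quoted TXT strings in dig +short output.
# certbot needs one value per -d name it is validating at the same time.
count_txt_values() {
  printf '%s\n' "$1" | grep -c '^"'
}

# txt_has_token: succeed if the expected token is one of the published values.
txt_has_token() {
  printf '%s\n' "$1" | grep -qx "\"$2\""
}

# san_names: the DNS: entries from openssl's subjectAltName output,
# one per line, lower-cased.
san_names() {
  printf '%s\n' "$1" | tr ',' '\n' \
    | sed -n 's/.*DNS:\([^ ]*\).*/\1/p' | tr 'A-Z' 'a-z'
}

# name_matches: match one hostname against one SAN entry (RFC 6125 style).
# A wildcard covers exactly one label: *.mydomain.me covers
# formation.mydomain.me but neither mydomain.me nor a.b.mydomain.me.
name_matches() {
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  san=$2
  case "$san" in
    \*.*)
      suffix=${san#\*.}
      case "$host" in
        *."$suffix") ;;          # ends with .suffix, keep checking
        *) return 1 ;;
      esac
      label=${host%."$suffix"}
      case "$label" in
        ""|*.*) return 1 ;;      # empty or multi-label: not covered
        *) return 0 ;;
      esac ;;
    *) [ "$host" = "$san" ] ;;
  esac
}

# cert_covers: succeed if any SAN entry in the openssl output covers the host.
cert_covers() {
  host=$1
  names=$(san_names "$2")
  set -f                         # keep the shell from glob-expanding "*."
  for entry in $names; do
    if name_matches "$host" "$entry"; then set +f; return 0; fi
  done
  set +f
  return 1
}

# Demonstration on the constructed samples.
echo "TXT values published: $(count_txt_values "$SAMPLE_TXT") (need 2 for apex + wildcard)"
for h in mydomain.me formation.mydomain.me a.b.mydomain.me other.example; do
  if cert_covers "$h" "$SAMPLE_SAN"; then
    echo "covered:     $h"
  else
    echo "NOT covered: $h"
  fi
done
```

Run it against live data by replacing the two sample strings with the output of the dig and openssl commands named in the comments; if count_txt_values reports 1 while certbot is validating two names, the second token was overwritten rather than added, which is exactly the AWS console pitfall the answer describes.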