Tags: django, deployment, traefik, lets-encrypt, acme

How to get a certificate for "www.*.example.org" with Traefik's dnsChallenge?


With the config below the issued certificate works for www.example.org and abc.example.org, but doesn't work for www.abc.example.org.

http:
  routers:
    web-router:
      rule: "Host(`example.org`) ||
       Host(`www.example.org`) ||
       HostRegexp(`{subdomain:[a-z-]+}.example.org`) ||
       HostRegexp(`www.{subdomain:[a-z-]+}.example.org`)"

      entryPoints:
        - web
      middlewares:
        - redirect
        - csrf
      service: django


    web-secure-router:
      rule: "Host(`example.org`) ||
       Host(`www.example.org`) ||
       HostRegexp(`{subdomain:[a-z-]+}.example.org`) ||
       HostRegexp(`www.{subdomain:[a-z-]+}.example.org`)"

      entryPoints:
        - web-secure
      middlewares:
        - csrf
      service: django
      tls:
        certResolver: letsencrypt
        domains:
          - main: "*.example.org"
            sans:
              - "example.org"

certificatesResolvers:
  letsencrypt:
    acme:
      email: "[email protected]"
      storage: /etc/traefik/acme/acme.json
      dnsChallenge:
        provider: route53
        delayBeforeCheck: 0

In the DNS I have A records for example.org and *.example.org.

Is it possible to get a certificate that works for www.*.example.org and *.example.org at the same time?


Solution

  • LetsEncrypt doesn't do nested wildcards. You can get a certificate for *.example.org or for *.sub.example.org, but *.example.org doesn't include . in the definition of *.

    Furthermore, DNS itself doesn't support nested or embedded wildcards.

    You can see this if you create a record for www.*.example.com and then query for something like www.foo.example.com. You'll get an NXDOMAIN response. If you query for www.\*.example.com (or wrap the FQDN in single quotes to avoid shell expansion), then you'll get the A record you created. The asterisk becomes a literal character when not at the beginning of the record.

    ➤ host www.sub.productionwebsite.com 8.8.8.8
    Using domain server:
    Name: 8.8.8.8
    Address: 8.8.8.8#53
    Aliases:
    
    Host www.sub.productionwebsite.com not found: 3(NXDOMAIN)
    ~
    ➤ host 'www.*.productionwebsite.com' 8.8.8.8
    Using domain server:
    Name: 8.8.8.8
    Address: 8.8.8.8#53
    Aliases:
    
    www.*.productionwebsite.com has address 10.68.0.73
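As an added illustration (not part of the answer above), the following Python script, written for this page, encodes the two rules the answer describes: a certificate wildcard matches exactly one DNS label, and a DNS `*` is only a wildcard when it is the leftmost label. All hostnames in it are constructed, not taken from any real zone or certificate.

```python
"""Why a certificate for *.example.org does not cover www.abc.example.org.

Encodes the single-label wildcard rule used by public CAs (RFC 6125: '*'
matches exactly one label, never a dot) and the DNS wildcard rule
(RFC 4592: '*' is special only as the leftmost label). Constructed example
for this page; the names below are made up.
"""


def cert_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' must be the entire leftmost label and
    matches exactly one label, so '*.example.org' covers 'abc.example.org'
    but not 'www.abc.example.org' and not the bare 'example.org'."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if "*" not in pattern:
        return p_labels == h_labels
    # One wildcard, only as the whole leftmost label, and at least two
    # labels to its right (public CAs will not issue '*.org').
    if pattern.count("*") != 1 or p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def covered_by(hostname: str, sans: list[str]) -> list[str]:
    """Return the SAN entries of a certificate that cover `hostname`."""
    return [san for san in sans if cert_name_matches(san, hostname)]


def dns_wildcard_matches(owner: str, qname: str) -> bool:
    """RFC 4592: '*' is a wildcard only as the leftmost label of the owner
    name (and, simplified here, assuming no more specific name exists in
    the zone). A '*' anywhere else ('www.*.example.org') is a literal
    character, which is why www.foo.example.org returns NXDOMAIN."""
    o_labels, q_labels = owner.lower().split("."), qname.lower().split(".")
    if o_labels[0] == "*":
        # Leftmost wildcard covers one or more leading labels of the query.
        suffix = o_labels[1:]
        return len(q_labels) > len(suffix) and q_labels[-len(suffix):] == suffix
    return o_labels == q_labels  # embedded '*' only matches itself literally


if __name__ == "__main__":
    sans = ["*.example.org", "example.org"]  # the certificate from the question
    for name in ["example.org", "abc.example.org", "www.abc.example.org"]:
        print(f"{name:22} covered by {covered_by(name, sans) or 'nothing'}")
    print(dns_wildcard_matches("www.*.example.org", "www.foo.example.org"))  # False
    print(dns_wildcard_matches("www.*.example.org", "www.*.example.org"))    # True
```

Running it shows `www.abc.example.org` matched by nothing in the question's certificate, while a separate `*.abc.example.org` entry would cover it.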