Topic: Mod_md and wildcard for two domains

[bagu]

Hello,

I wonder if it's possible to have a wildcard certificate for two domains with mod_md.

I ask this because i have an hmailserver installation with only one certificate for *.bagu.fr and *.bagu.biz witch allow me to have smtp.bagu.fr and other things like that without having the need to have these subdomains responding with apache. (dns only)

But this certificate is renew every 3 month manually...

Waste of time.

If i could have only one wildcard certificate with mod_md, i could do this automatically.

Can you help me to do this ?
Thanks

[glsmith]

The problem is that wildcards can only be obtained through txt records in DNS. In most cases, automating this part cannot be done. [1]

I have two wildcards, yes every 3 months I have to do it manually, but for the luxury of being able to use the wildcards, I can handle doing it 4 times a year. I have done it now 4 or 5 times now and just this past week it took me all of 10 minutes in total to do, and most of that time was waiting for TTLs.

[1] However, see the post by danb35 at https://community.letsencrypt.org/t/wildcard-certificates-and-http-challenge/102060

I have not tried it so I cannot say it actually works.

[bagu]

Hello,

I ended up doing otherwise.

I changed the MX of bagu.fr to point to bagu.biz (rdns name of my ip address)
So I only need a certificate for bagu.biz

However, when I put this certificate on the hMailServer mail server, I can not connect.

The SSL session fails.

So my question is: is there something different between the certificate generated by mod_md and my cacert certificate used for my mail server ?
knowing that this is the only difference between a configuration that works and one that does not work)

Thanks a lot