How to step by step Wildcard domain certificates

I want to use wildcard domains: for example, my domain is mydomain.com and I want to use an SSL certificate that covers *.mydomain.com (maybe mail.mydomain.com, ftp.mydomain.com, etc.).
I followed your Requesting a Certificate docs, under the title Using Wildcard Domains (docs.certifytheweb.com/docs/certificate-process/#using-wildcard-domains), which say that "Wildcard certificates require DNS validation, this is a requirement imposed by the Certificate Authority".
Then I followed the DNS Validation (dns-01) doc (docs.certifytheweb.com/docs/dns/validation), in the Certify DNS section, from the Using Certify DNS in Certify The Web topic.

But I wasn’t successful in setting it up.

From the “Using Certify DNS in Certify The Web” steps:

  • Enable Certify DNS…
    I signed in to “certifytheweb/profile” and it gave “Certify DNS - Managed DNS Validation - Standard” for the Product Key.

  • Select Certify DNS as the DNS update method…
    In my Certify… Management (Community Edition) on my server, I set the DNS Update method to "Certify DNS".

  • Create your Certify DNS credentials …
    I used my email address for the API Username and my Product Key for the API Key in New Credentials.

  • You will be prompted to create a CNAME pointing to the TXT record hosted by the Certify DNS service. If you miss this prompt check back in the log file for your managed certificate (see the Status tab).
    For this step, I don’t understand what to do next, but this is my log from the Status tab.

  • Once you have created your CNAME record, delete any existing _acme-challenge TXT record in the same zone to avoid confusion.
    Please guide me for this step :cold_sweat:

Thank you

Hi,

When you look at your log file you need to scroll down to the latest entries, the example you gave is from a few days ago and from when you used http validation and successfully requested your certificate. You could also search for the word ‘CNAME’.

If you have tried to use Certify DNS you will see that there is a log entry (when you scroll through the log file) that says to point the CNAME `_acme-challenge.aimer-stock.com` to a specific host. Once you have created that record in DNS you can proceed with the certificate request - the Certify DNS service will automatically serve the correct challenge responses to Let’s Encrypt in order to validate your domain.

Regarding “delete any existing _acme-challenge TXT record”, if you haven’t created one then you don’t need to delete one.

This all assumes that you have administrative access to your domain's DNS control panel and can add or remove the required records; if you don’t, then someone else will have to do that for you.

Hello
Thank you very much for your answer.

This is my latest log and my settings in dns-01 and Test Results.

There isn't any “CNAME” word in the log files.

Can wildcard certificates be used only with the licensed edition (not the Community edition)?
Or
Is there any mistake in my settings? Please advise.

Thank you

Interesting! No, the community edition is not limited like that, so you can definitely use it to get wildcard certs. Your log file does not show a request for a wildcard, it shows aimer-stock.com and www.aimer-stock.com.

Have you clicked either Save or Request Certificate yet (not just Test - as the screenshot states, Test does nothing for Certify DNS, otherwise you would need to set up test CNAME records etc)?

Yes, I have clicked Save and Request Certificate already.

Now, I tried updating the “Certify the web” software to version 5.6.5.0 and pressed Request Certificate again. An error occurred.
The image below shows the error after Request Certificate and the detail in the Preview tab.

What should I do next to be able to use Wildcards Certificate?

Thank you

The main issue you have encountered here is that you have hit the Let’s Encrypt rate limit for duplicate certificates, see Rate Limits - Let's Encrypt. This is because you have previously managed to order your certificate 5 times in the last week and Let’s Encrypt won’t keep issuing new ones.

I’d suggest you edit your managed certificate (or add a new one) and set the domains to be *.aimer-stock.com and aimer-stock.com (wildcards don’t cover the top level domain so you need to include it on the certificate as well). As you will then be requesting a different certificate (a different set of identifiers) the order should proceed as normal and you should then reach the step to set up your CNAME for use with Certify DNS.

Hello.
Thanks for your advice.

Now I have added *.aimer-stock.com in Domain and clicked Request Certificate, then Request again (the image below shows my latest step and my DNS manager setup).

But there is some error, please guide me again to fix this…

Thank you

Great, so now you have to create the _acme-challenge CNAME record with the value as instructed.

You haven’t created that record yet. This is a one-time requirement as Certify cannot just modify your DNS for you when you are using this method of DNS challenge delegation.

Hello

I tried to add a CNAME in DNS Manager with Name: _acme-challenge and pasted the value from the latest log file into the data input (please see image), then clicked Request Certificate again. But there is still an error…

Where have I made a mistake?

You have used the incorrect value (which should be a long host name); the value currently shown is not a Certify DNS CNAME. The one you originally had in your screenshot looked like f30492990…tx.auth.certifytheweb.com
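
An added example (not part of the thread and not Certify The Web's own code) that checks the two points made in the replies above: which host names a wildcard certificate covers, and whether the `_acme-challenge` CNAME delegation is set correctly. The `example.com` records are constructed, and the `.auth.certifytheweb.com` suffix is an assumption based on the host name form quoted in this thread.

```python
# Assumption: delegated challenge hosts end with this suffix (form quoted in the thread).
DELEGATED_SUFFIX = ".auth.certifytheweb.com"

def _norm(name):
    return name.lower().rstrip(".")

def challenge_name(identifier):
    """dns-01 validates *.example.com and example.com at the same record name."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + _norm(base)

def covers(san, host):
    """A wildcard SAN matches exactly one extra left-most label, never the base domain."""
    san, host = _norm(san), _norm(host)
    if not san.startswith("*."):
        return san == host
    label, _, parent = host.partition(".")
    return bool(label) and parent == san[2:]

def audit(identifiers, records):
    """records: list of (name, type, value). Returns {challenge name: [problems]}."""
    report = {}
    for name in sorted({challenge_name(i) for i in identifiers}):
        at_name = [(t, v) for n, t, v in records if _norm(n) == name]
        cnames = [_norm(v) for t, v in at_name if t == "CNAME"]
        problems = []
        if not cnames:
            problems.append("missing CNAME")
        elif len(cnames) > 1:
            problems.append("multiple CNAMEs")
        elif not cnames[0].endswith(DELEGATED_SUFFIX):
            problems.append("CNAME target is not a delegated challenge host")
        if any(t == "TXT" for t, _ in at_name):
            problems.append("TXT record still present at the challenge name")
        report[name] = problems
    return report

# Constructed sample data: a wrong value pasted as the CNAME target, plus a leftover TXT.
SAMPLE_RECORDS = [
    ("_acme-challenge.example.com", "CNAME", "example.com"),
    ("_acme-challenge.example.com", "TXT", "old-token"),
]
# Constructed corrected record; "constructed-id" stands in for the long host name from the log.
FIXED_RECORDS = [
    ("_acme-challenge.example.com", "CNAME", "constructed-id.auth.certifytheweb.com."),
]

if __name__ == "__main__":
    ids = ["*.example.com", "example.com"]
    print(audit(ids, SAMPLE_RECORDS))
    print(audit(ids, FIXED_RECORDS))
    print(covers("*.example.com", "mail.example.com"), covers("*.example.com", "example.com"))
```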

Hello

It’s great and thank you for giving me such good advice.

Now I have succeeded. Since you have edited that value in DNS CNAME to f304…

But I have a problem with FTP SSL, the same as the 1106, and I would like to start a specific new topic.

Thank you very much
