Editing new DNS CAA Records to use Wildcard SSL, is this a bug?

Discussion in 'ISPConfig 3 Priority Support' started by etruel, Jul 27, 2019.

  1. etruel

    etruel Member HowtoForge Supporter

    I'll try to be as clear as I can. On this server I have Debian 8.
    I'm trying to make a Let's Encrypt SSL wildcard domain. I got it for the main domain, "fakturo.org", but not for "yipies.fakturo.org", which shows the classic "Warning: Potential Security Risk Ahead".
    The website config is:
    [Screenshot: Firefox_Screenshot_2019-07-27T19-07-57.392Z.png]

    After installing 3.14p2 and editing the website SSL tab, two CAA records were inserted in its DNS zone.
    [Screenshot: Firefox_Screenshot_2019-07-27T19-01-24.358Z.png]
    Number 2 can be edited well. I checked Use Wildcard SSL but nothing changed.

    Number 1 gives an error on regex when I try to save.
    This is the first view when I go to edit.
    [Screenshot: Firefox_Screenshot_2019-07-27T20-08-30.056Z.png]

    Then I check Use Wildcard SSL and save, and it gives that error, name_error_regex, and changes the read-only field from '*.fakturo.org' to just '*'.
    (The '*' seems to be the problem.)
    [Screenshot: Firefox_Screenshot_2019-07-27T20-13-18.114Z.png]


    Can you point me in the right direction to get Let's Encrypt wildcard SSL?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The CAA record is not directly related to the SSL cert, or in other words, the purpose of a CAA record is to tell the SSL authority if it may issue a cert at all for your domain. If the CAA had been wrong, then you would not have got an SSL cert from LE at all. As you got an SSL cert, your issue is not the CAA record. In ISPConfig you cannot get wildcard LE SSL certs, and that's why you did not get one. Wildcard SSL certs require DNS authentication and ISPConfig supports only webroot authentication.

    So there is no issue with CAA records here, ISPConfig just does not support wildcard LE certs yet due to the requirement of DNS auth. There are several posts about that in the forum btw.
     
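To make till's point concrete, here is a small model of the check a CA performs against CAA before issuing: it walks up from the requested name until it finds a CAA record set and then applies the `issue` property. This is an added example, not ISPConfig code and not from the thread. It goes a step beyond the thread by also handling the `issuewild` property from RFC 8659, which is what governs wildcard names when present. The zone data is constructed for illustration; the `letsencrypt.org` identifier is the one Let's Encrypt publishes for CAA.

```python
"""Model of the CAA issuance check a CA performs (RFC 8659).

Added example, not ISPConfig's code. Zone data below is constructed.
The 'critical' flag bit is ignored here because no unknown tags are used.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CAA:
    flags: int
    tag: str
    value: str


# Constructed zone data: name -> CAA record set.
ZONE = {
    "fakturo.org": [CAA(0, "issue", "letsencrypt.org")],
    # 'issuewild ";"' forbids wildcard issuance even though 'issue' allows a CA
    "legacy.fakturo.org": [CAA(0, "issue", "exampleca.test"),
                           CAA(0, "issuewild", ";")],
    # 'issue ";"' forbids issuance by anyone
    "locked.fakturo.org": [CAA(0, "issue", ";")],
}


def lookup_caa(name: str, zone=ZONE) -> list:
    """Return the relevant CAA record set for `name`: the set at the closest
    ancestor (the name itself included) that has one. For a wildcard name the
    search starts at the label after '*'."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    while labels:
        rrset = zone.get(".".join(labels))
        if rrset:
            return rrset
        labels = labels[1:]
    return []


def _issuer_domain(value: str) -> str:
    # Values look like "<ca-domain>[; param=value ...]"; a bare ";" names no CA.
    return value.split(";", 1)[0].strip().lower()


def may_issue(ca: str, name: str, zone=ZONE) -> bool:
    """True if CA `ca` is permitted by CAA to issue a certificate for `name`."""
    rrset = lookup_caa(name, zone)
    if not rrset:
        return True  # no CAA anywhere up the tree: no restriction
    is_wild = name.startswith("*.")
    issuewild = [r for r in rrset if r.tag.lower() == "issuewild"]
    if is_wild and issuewild:
        relevant = issuewild  # issuewild takes precedence for wildcard names
    else:
        relevant = [r for r in rrset if r.tag.lower() == "issue"]
    if not relevant:
        return True  # CAA present but no property restricts this request
    allowed = {_issuer_domain(r.value) for r in relevant}
    allowed.discard("")  # ";" entries authorize nobody
    return ca.lower() in allowed


if __name__ == "__main__":
    # The thread's case: a wildcard for fakturo.org. CAA permits Let's Encrypt,
    # so CAA is not the obstacle; the missing DNS-01 validation is.
    print(may_issue("letsencrypt.org", "*.fakturo.org"))          # True
    print(may_issue("exampleca.test", "*.legacy.fakturo.org"))    # False
```

Note that `lookup_caa` keeps climbing past a name that exists but has no CAA records, which is why a single `issue` record at the apex covers every subdomain, wildcard requests included, unless a closer record set says otherwise.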
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  4. etruel

    etruel Member HowtoForge Supporter

    Thanks guys,
    Very clear, Till, and also Taleman on how to search specifically. I'll research how to make it manually.
    But about the issue part, I still have a doubt: I've mentioned that I can't edit the CAA record added automatically by ISPConfig with * because of the 'name_error_regex' system notice. (I can't add a dot or anything to it.)
    Is this OK because ISPConfig does not support wildcard LE certs yet?

    Thanks!
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Don't enter anything into the additional hostnames field, all you have to do is to tick the wildcard checkbox. As the description of the field says, it has to be empty for all hostnames.
     
  6. etruel

    etruel Member HowtoForge Supporter

    Additional hostnames is read-only. After ticking the wildcard checkbox, I can't save the record because of the error.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Delete the record and recreate it. The reason for the error is that you entered *.fakturo.org into the additional hosts field.
     