Let's Encrypt Wildcard Error 403

Create a new web domain (example.com) and replace the alias ‘www’ with ‘*’, so we’ve got the web domain and alias:

example.com
*.example.com

Error: Let’s Encrypt finalize bad status 403 (example.com)

  • Yes I have HestiaCP taking care of DNS on the same server
  • Yes, I manually added the wildcard A record for * to point to the server IP address.

Yet still getting Error 403. New clean installation, DNS propagation is complete and HestiaCP is the DNS for the example.com domain. Creating a non-wildcard SSL cert works without issue.

Domain names don’t support the * symbol, and you’re a genius

The domain name isn’t literally a *; it’s a placeholder aka ‘wildcard’. The directions are pretty clear; or perhaps I’m not a genius after all! :stuck_out_tongue_winking_eye:

Might want to inform Jaap Marcus about:


Do you use your own DNS servers, hosted by Hestia?


Yes. HestiaCP seems to write the challenge to the DNS server; and that works for creating SSL certs in general. But wildcard certs do not appear to work.


Looks like a DNS propagation delay/issue. I think I have it handled. Thanks for your feedback.

For anyone following this thread: be sure to use the dig command to ensure your DNS is indeed your HestiaCP, i.e.:

dig NS example.com

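The dig check above can be taken a step further. Let's Encrypt only issues wildcard certificates through the DNS-01 challenge, so two things must be true before the finalize step succeeds: the zone's NS records must point at the server Hestia writes records into, and the _acme-challenge TXT record must actually be answered by every listed nameserver (a lagging secondary is enough to get a 403). The script below is an added example, not code from this thread or from HestiaCP; the hostnames ns1.example.com / ns2.example.com and the token tok123 are made up, and the DIG variable exists only so the functions can be exercised against constructed dig output without network access.

```shell
#!/bin/sh
# Added example: pre-flight DNS checks before requesting a Let's Encrypt
# wildcard certificate. Wildcards require the DNS-01 challenge, so the
# authoritative nameservers must be ours and each must serve the
# _acme-challenge TXT record before finalize will succeed.
#
# DIG defaults to the real dig binary; it can be pointed at a shell function
# that returns constructed output for offline use.
DIG=${DIG:-dig}

# Normalise dig +short output: lowercase, strip trailing dot and TXT quotes.
norm() { tr 'A-Z' 'a-z' | sed -e 's/\.$//' -e 's/^"//' -e 's/"$//' | sort; }

# Authoritative NS names for DOMAIN, one per line.
authoritative_ns() {
  "$DIG" +short NS "$1" | norm
}

# Exit 0 if EXPECTED_NS (e.g. the Hestia server's hostname) is among the
# zone's NS records, 1 otherwise. Usage: ns_is_ours DOMAIN EXPECTED_NS
ns_is_ours() {
  domain=$1
  expected=$(printf '%s' "$2" | norm)
  authoritative_ns "$domain" | grep -qxF "$expected"
}

# Ask each authoritative NS directly (bypassing caches) for the challenge
# TXT record and report which servers do not return TOKEN.
# Prints "ok <ns>" or "MISSING <ns>" per server; exit 1 if any is missing.
# ACME tokens fit in a single quoted TXT string, so one-line matching is enough.
check_challenge() {
  domain=$1
  token=$2
  rc=0
  for ns in $(authoritative_ns "$domain"); do
    if "$DIG" @"$ns" +short TXT "_acme-challenge.$domain" | norm | grep -qxF "$token"; then
      echo "ok $ns"
    else
      echo "MISSING $ns"
      rc=1
    fi
  done
  return $rc
}

# Usage: sh wildcard_dns_check.sh example.com ns1.example.com [challenge-token]
if [ "$#" -ge 2 ]; then
  if ns_is_ours "$1" "$2"; then
    echo "NS delegation for $1 includes $2"
  else
    echo "NS delegation for $1 does NOT include $2; Hestia's DNS is not authoritative"
    exit 1
  fi
  [ -n "$3" ] && check_challenge "$1" "$3"
fi
```

Run the first form right after creating the zone; run the second, with the token Hestia wrote into _acme-challenge, if a wildcard request still fails, since a "MISSING" line names the nameserver Let's Encrypt may be hitting before the record has propagated.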