Let's encrypt disabled

christer

I requested a Let's Encrypt certificate for one of my sites, then got the following notification:

Lets Encrypt was disabled for site xxx and switched to the shared certificate because it contains only opalstacked.com domains.

But when accessing the site xxx.yyy.opalstacked.com through HTTPS I get the message "Connection not private..." and inspecting the certificate a message saying "opalstacked.com" certificate name does not match input

Does this mean that I should not run any sites on sub-sub domains to opalstacked through HTTPS?

sean

christer as documented we had to stop issuing individual LE certs for opalstacked.com:

⚠️ Note: as of 3 November 2020 we're no longer able to issue individual LE certificates for opalstacked.com domains due to rate-limits imposed by the LE service.

Because of this:

If all of the domains on the site are opalstacked.com subdomains, then the site will be switched to a shared opalstacked.com wildcard certificate.

If the site has opalstacked.com subdomains mixed with other domains, then the opalstacked.com subdomains will be omitted from the final certificate.

The wildcard is for *.opalstacked.com so it's valid for user.opalstacked.com but not sub.user.opalstacked.com.

If you just need encryption then you can accept the browser warning and go on with your business. The SSL will still work.

If you need to have a valid certificate for sub-subdomains of your opalstacked.com subdomain then you can issue one manually by following the steps in the LE doc linked above.

christer

OK, clear. Thanks