Certificate validation issue with subdomains of subdomains

Asked Apr 20 '22 at 03:27

Active Apr 20 '22 at 06:15

Viewed 22 times

I have a current, production certificate with a wildcard common-name hosted in Amazon Certificate Manager (ACM). I've added a CNAME with a subdomain of a subdomain (like ....) to our Route53 zone that points to our load-balancer (ALB). However, Chrome complains with

[SSL_ERROR_BAD_CERT_DOMAIN] "The certificate is only valid for *..." (domain intentionally sanitized).

What could the problem be? Am I wrong in assuming that wildcard certificates should handle any subdomain at all depths?

edited Apr 20 '22 at 06:15

RBT

asked Apr 20 '22 at 03:27

Dustin Oprea

2

Duplicate of: https://stackoverflow.com/a/9743652/706421 – Dustin Oprea Apr 20 '22 at 03:35
2

In short - the `*` wildcard only matches 1 subdomain level - see also https://serverfault.com/a/310545/960939 – Rob Apr 20 '22 at 07:18
"Am I wrong in assuming that wildcard certificates should handle any subdomain at all depths?" Yes, you are wrong on this. – Patrick Mevzek Apr 20 '22 at 14:54

Certificate validation issue with subdomains of subdomains

0 Answers0