It’s not easy to find proper search results for this topic.
You have a domain and would like to have wildcard subdomains, but you are not a customer of the prominent cloud providers, that is, your domain reseller or DNS provider is not supported by an automated certbot DNS plugin.
Prerequisite:
We already have a *.domain.tld DNS record pointing to our server with certbot installed.
The command is
certbot certonly --manual -d *.domain.tld
After you run this command, certbot asks you to add a TXT record to your DNS zone. Use something like
_acme-challenge.domain.tld.
as the record name. The trailing dot (.) is required. The record value is the string you receive from the command.
Then wait until the record is updated in DNS; you can check whether it is with
dig TXT _acme-challenge.domain.tld
Then just hit ENTER in the console and the certificate issuance should complete.
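The waiting step above is where manual wildcard issuance usually fails: you press ENTER while the TXT record is still missing on one of the zone's name servers and the challenge is rejected. The following is an added helper script, not part of the original post, that polls every authoritative name server for the zone until all of them return the exact value certbot printed. It assumes dig is installed, uses the dig +short output form rather than the plain dig call shown in the post, and the domain and token values in the comments are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the _acme-challenge TXT
# record is visible on the authoritative name servers before pressing ENTER in
# certbot's manual prompt. Assumes `dig` (bind-utils / dnsutils) is installed.
# Usage: ./wait_acme.sh domain.tld "<value certbot printed>"

# Pure helper: given the output of `dig +short TXT ...` and the expected value,
# succeed only if one of the quoted TXT strings equals the value exactly.
# A stale record from an earlier run may still be present, so partial or
# prefix matches are rejected on purpose.
txt_value_matches() {
    dig_output="$1"
    expected="$2"
    printf '%s\n' "$dig_output" | grep -Fxq -- "\"$expected\""
}

# Authoritative name servers of the zone. Let's Encrypt validates against
# these, so checking your local resolver's cache alone can mislead you.
authoritative_ns() {
    dig +short NS "$1"
}

# Fetch the challenge TXT records for $1 (domain) directly from $2 (name server).
fetch_acme_txt() {
    domain="$1"
    ns="$2"
    dig +short "@$ns" TXT "_acme-challenge.$domain"
}

# Poll until every authoritative server returns the expected value.
# Returns 0 when all servers agree, 1 after the attempt budget is exhausted.
wait_for_acme_txt() {
    domain="$1"
    expected="$2"
    attempts="${3:-30}"   # constructed default: 30 rounds
    delay="${4:-10}"      # constructed default: 10 seconds between rounds
    i=0
    while [ "$i" -lt "$attempts" ]; do
        all_ok=1
        for ns in $(authoritative_ns "$domain"); do
            if txt_value_matches "$(fetch_acme_txt "$domain" "$ns")" "$expected"; then
                echo "ok   $ns"
            else
                echo "wait $ns"
                all_ok=0
            fi
        done
        [ "$all_ok" -eq 1 ] && return 0
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# Run only when invoked with arguments, so the functions can be sourced elsewhere.
if [ "$#" -ge 2 ]; then
    if wait_for_acme_txt "$@"; then
        echo "record visible everywhere, press ENTER in certbot now"
    else
        echo "record still not visible on all name servers" >&2
        exit 1
    fi
fi
```

Querying each authoritative server individually matters because many providers publish changes to their name servers at slightly different times, and a recursive resolver that already cached a negative answer for _acme-challenge can keep reporting "no record" for the length of the zone's negative TTL after the record actually exists.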
I’ll now add a wildcard nginx configuration for ZITADEL, which is a web-based identity management software.
server {
    listen 80;
    listen [::]:80;
    server_name *.domain.tld;

    # Redirect every plain-HTTP request to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name *.domain.tld;

    access_log /var/log/nginx/domain.tld.access.log;
    error_log /var/log/nginx/domain.tld.error.log;

    # Wildcard certificate obtained with certbot above.
    ssl_certificate /etc/letsencrypt/live/domain.tld-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.tld-0001/privkey.pem;

    add_header Strict-Transport-Security "max-age=63072000" always;

    root /var/www/domain.tld;

    # Forward everything to the ZITADEL backend on port 12345 over gRPC,
    # keeping the original host so ZITADEL sees the requested subdomain.
    location / {
        grpc_pass grpc://localhost:12345;
        grpc_set_header Host $host:$server_port;
    }
}