[GH-ISSUE #36] LE wildcard certs #31

New issue

Closed

opened 2026-02-26 05:33:16 +03:00 by kerem · 9 comments

kerem commented 2026-02-26 05:33:16 +03:00

Owner

Copy link

Originally created by @ZeroInputCtrl on GitHub (Dec 13, 2018).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/36

Does this container support using wildcards for the LE certs? Can it do the dns challenge for google? I looked through the images for the LE interfaces but i don't see anything that would allow this.

Originally created by @ZeroInputCtrl on GitHub (Dec 13, 2018). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/36 Does this container support using wildcards for the LE certs? Can it do the dns challenge for google? I looked through the images for the LE interfaces but i don't see anything that would allow this.

kerem 2026-02-26 05:33:16 +03:00

• closed this issue
• added the
  enhancement
  label

kerem commented 2026-02-26 05:33:17 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (Dec 13, 2018):

Unfortunately no. Because LE wildcards require DNS setups, I don't bother supporting them in this project. You can specify multiple domains for a single LE certificate however.

<!-- gh-comment-id:447150067 --> @jc21 commented on GitHub (Dec 13, 2018): Unfortunately no. Because LE wildcards require DNS setups, I don't bother supporting them in this project. You can specify multiple domains for a single LE certificate however.

kerem commented 2026-02-26 05:33:17 +03:00

Author

Owner

Copy link

@ZataH commented on GitHub (Dec 21, 2018):

Will you support it at some point?

<!-- gh-comment-id:449447502 --> @ZataH commented on GitHub (Dec 21, 2018): Will you support it at some point?

kerem commented 2026-02-26 05:33:17 +03:00

Author

Owner

Copy link

@koshia commented on GitHub (Dec 30, 2018):

I would like to +1 on this request; however low priority. @jc21 I do agree it lets you add multiple domains/sub-domains, but i believe you are still limited to 10 per 90 days, iirc. I'm already @ 8 subdomains and can see adding another 4-6 in the future.

<!-- gh-comment-id:450588031 --> @koshia commented on GitHub (Dec 30, 2018): I would like to +1 on this request; however low priority. @jc21 I do agree it lets you add multiple domains/sub-domains, but i believe you are still limited to 10 per 90 days, iirc. I'm already @ 8 subdomains and can see adding another 4-6 in the future.

kerem commented 2026-02-26 05:33:17 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (Jan 3, 2019):

The project's initial goal was to let beginners create ssl reverse proxies. Using LE wildcards requires that the app force users to leave it, add entries to dns, then come back and finish any setup. At this point, it doesn't feel "simple" and as such, very low priority for me.

<!-- gh-comment-id:451054614 --> @jc21 commented on GitHub (Jan 3, 2019): The project's initial goal was to let beginners create ssl reverse proxies. Using LE wildcards requires that the app force users to leave it, add entries to dns, then come back and finish any setup. At this point, it doesn't feel "simple" and as such, very low priority for me.

kerem commented 2026-02-26 05:33:17 +03:00

Author

Owner

Copy link

@ZeroInputCtrl commented on GitHub (Jan 3, 2019):

That's true if you want to arbitrarily use wildcard certs. I use https://hub.docker.com/r/linuxserver/letsencrypt/ with the google plugin. You give the credentials, it passes those through to certbot and uses these scripts https://github.com/certbot/certbot/tree/master/certbot-dns-google to automatically create and destroy dns records in order to do dns validation for the wildcard certs. Maybe just the sites that have scripts to do these automatic records be a good start?

<!-- gh-comment-id:451136609 --> @ZeroInputCtrl commented on GitHub (Jan 3, 2019): That's true if you want to arbitrarily use wildcard certs. I use https://hub.docker.com/r/linuxserver/letsencrypt/ with the google plugin. You give the credentials, it passes those through to certbot and uses these scripts https://github.com/certbot/certbot/tree/master/certbot-dns-google to automatically create and destroy dns records in order to do dns validation for the wildcard certs. Maybe just the sites that have scripts to do these automatic records be a good start?

kerem commented 2026-02-26 05:33:17 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (Jan 3, 2019):

Yeah that's an interesting point. Supporting AWS and Google Cloud to begin with might be easiest. As long as the user understands the security implications of saving their service credentials and the UI process is simple.

<!-- gh-comment-id:451305999 --> @jc21 commented on GitHub (Jan 3, 2019): Yeah that's an interesting point. Supporting AWS and Google Cloud to begin with might be easiest. As long as the user understands the security implications of saving their service credentials and the UI process is simple.

kerem commented 2026-02-26 05:33:17 +03:00

Author

Owner

Copy link

@vrelk commented on GitHub (May 6, 2019):

Take a look at this project, either for collaboration or inspiration.

https://github.com/Neilpang/acme.sh

<!-- gh-comment-id:489475112 --> @vrelk commented on GitHub (May 6, 2019): Take a look at this project, either for collaboration or inspiration. https://github.com/Neilpang/acme.sh

kerem commented 2026-02-26 05:33:18 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (May 8, 2019):

Refer to #85 and #120.

<!-- gh-comment-id:490298735 --> @jc21 commented on GitHub (May 8, 2019): Refer to #85 and #120.

kerem commented 2026-02-26 05:33:18 +03:00

Author

Owner

Copy link

@toxic0berliner commented on GitHub (Aug 30, 2020):

sadly, neither #85 not #120 enable support for LE wildcard certificate.
I'd be very interested to have the gui to do this in nginx-proxy-manager, for the time beeing I cannot request any certificate for *.example.com since the ui doesn't let me, I've also seen some javascript alert message somewhere explicitely telling me it doesn't support it....
Any luck of reopening the issue and implementing it now that DNS challenge seems to be working ?

<!-- gh-comment-id:683437246 --> @toxic0berliner commented on GitHub (Aug 30, 2020): sadly, neither #85 not #120 enable support for LE wildcard certificate. I'd be very interested to have the gui to do this in nginx-proxy-manager, for the time beeing I cannot request any certificate for *.example.com since the ui doesn't let me, I've also seen some javascript alert message somewhere explicitely telling me it doesn't support it.... Any luck of reopening the issue and implementing it now that DNS challenge seems to be working ?

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#31

No description provided.