Certificate for subdomain and wildcard (For Adguard DNS)

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

a. System environment:

Docker with a custom docker image with the Cloudflare DNS plugin: cf3005/caddy-with-dns-cloudflare

b. Command:

I use Portainer, so the default docker command.

c. Service/unit/compose file:

Dockerfile

FROM caddy:builder AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare

FROM caddy:latest

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

d. My complete Caddy config:

dns.redacted.fr, *.dns.redacted.fr {
  reverse_proxy localhost:4053
  tls redacted@gmail.com {
    dns cloudflare REDACTED
  }
}

3. The problem I’m having:

Is it possible to generate a certificate like this: dns.redacted.fr,*.dns.redacted.fr? Let me explain: to use Adguard DNS over TLS with client identification, Adguard needs to have dns.redacted.fr,*.dns.redacted.fr in a single certificate, but Caddy generates them as different certificates: one for dns.redacted.fr and one for *.dns.redacted.fr. These certificates are requested singly and not combined, as I can see with Cloudflare cert watch:

Caddy :
https://imgur.com/a/oGbuUH3
(sorry for an imgur link but I can’t put other images)

Nginx Proxy Manager

5. What I already tried:

I have :

  • deleted the space after the comma (changed dns.redacted.fr, *.dns.redacted.fr to dns.redacted.fr,*.dns.redacted.fr), but it gave me an error that the space is needed after the comma
  • reversed the domains (changed dns.redacted.fr, *.dns.redacted.fr to *.dns.redacted.fr, dns.redacted.fr), but nothing changed.
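The post's whole problem is whether both names end up in one certificate's SAN list. The following is an added example (not from the post, Caddy, or AdGuard) for checking exactly that: it extracts the DNS SANs from a PEM certificate, tests whether a given list of names is covered, and can be pointed at a live DNS-over-TLS port. It assumes `openssl` is installed; the sample certificates are constructed on the fly.

```shell
#!/bin/sh
# Check whether one certificate carries every name AdGuard DoT needs.
# Added example; assumes the openssl CLI is available.
set -eu

# Print the DNS SANs of a PEM certificate file, one name per line.
cert_sans() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# Exit 0 only if the cert in $1 lists every following argument as a DNS SAN.
cert_covers() {
  cert="$1"; shift
  sans=$(cert_sans "$cert")
  for name in "$@"; do
    printf '%s\n' "$sans" | grep -qxF "$name" || return 1
  done
  return 0
}

# Fetch the leaf certificate a live DoT endpoint presents (default port 853)
# and print its DNS SANs; use this against the real server, e.g. dns.example.
live_sans() {
  openssl s_client -connect "$1:${2:-853}" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM > "${TMPDIR:-/tmp}/live-$$.pem"
  cert_sans "${TMPDIR:-/tmp}/live-$$.pem"
}

# Constructed sample: a throwaway self-signed cert whose SAN list is $1,
# written as an OpenSSL subjectAltName value (e.g. "DNS:a.example,DNS:*.a.example").
make_sample_cert() {
  dir=$(mktemp -d)
  {
    printf '[req]\ndistinguished_name = dn\nx509_extensions = ext\nprompt = no\n'
    printf '[dn]\nCN = dns.redacted.fr\n[ext]\nsubjectAltName = %s\n' "$1"
  } > "$dir/san.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/san.cnf" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
  printf '%s\n' "$dir/cert.pem"
}
```

Running `cert_covers "$(make_sample_cert 'DNS:dns.redacted.fr,DNS:*.dns.redacted.fr')" dns.redacted.fr '*.dns.redacted.fr'` succeeds, while a cert built with only one of the two names fails the same check.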

Automated certificates don’t benefit well from multi-SAN certs, see:

Competent servers these days should support multiple certificates (and automate them).

Thanks, but Adguard wants a SAN certificate, so I will use NPM for this certificate.
