ACME wildcard certificate fails, regular certificate works

Hi,

I'm trying to obtain a Let's Encrypt wildcard certificate on RouterOS using the built-in ACME client.

The following command succeeds without any issues:

/certificate/add-acme \
    directory-url=https://acme-v02.api.letsencrypt.org/directory \
    domain-names=my_domain.duckdns.org

However, when I try to request a wildcard certificate:

/certificate/add-acme \
    directory-url=https://acme-v02.api.letsencrypt.org/directory \
    domain-names=*.my_domain.duckdns.org

I receive the following error:

acme cert 'acme client acme_cert_*.my_domain.duckdns.org' (0x11) error:
received invalid challenge json response from server

Can anyone confirm whether wildcard certificates are currently unsupported by the built-in ACME client?

Environment:

  • RouterOS version: 7.23.1

  • Domain provider: DuckDNS

Has anyone successfully obtained a wildcard certificate directly on MikroTik, or is an external ACME client with DNS-01 validation required?

/ Oleksandr

Have you tried adding some " to the string, like this?

domain-names="*.my_domain.duckdns.org"

https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578
And you can test at this api url:
https://acme-staging-v02.api.letsencrypt.org/directory

https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605

Doesn't work either :( Same error.

On DuckDNS, add a CNAME record for *.my_domain.duckdns.org and try again.

If you search a bit in this forum, you will find that this is not supported, from what I see:

It would be better if the RouterOS device supported the proposed DNS-01 challenge workflow.
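
For reference on the DNS-01 workflow raised in this thread, here is an added example (not part of any post, and not RouterOS or DuckDNS code) that derives the TXT record an ACME client has to publish for a wildcard authorization, following RFC 8555 section 8.4 and the RFC 7638 key thumbprint. The account key, token, challenge URL and authorization object are constructed sample values; the function names are hypothetical.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Unpadded base64url encoding, the form ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required JWK members, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def dns01_record(authz: dict, account_jwk: dict) -> tuple:
    """Return (TXT record name, TXT record value) for one authorization."""
    challenge = next((c for c in authz["challenges"] if c["type"] == "dns-01"), None)
    if challenge is None:
        # Nothing to publish: the server offered no DNS-01 challenge here.
        raise ValueError("no dns-01 challenge offered for this identifier")
    key_authorization = challenge["token"] + "." + jwk_thumbprint(account_jwk)
    # For a wildcard order the identifier value is the base name, without "*.".
    name = "_acme-challenge." + authz["identifier"]["value"]
    value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    return name, value

# Constructed sample data: not a real account key, token or challenge URL.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}
WILDCARD_AUTHZ = {
    "identifier": {"type": "dns", "value": "my_domain.duckdns.org"},
    "status": "pending",
    "wildcard": True,  # set by the server for a "*." identifier
    "challenges": [{"type": "dns-01", "status": "pending",
                    "url": "https://acme.example/chall/constructed",
                    "token": "constructed-token-value"}],
}

if __name__ == "__main__":
    record_name, record_value = dns01_record(WILDCARD_AUTHZ, ACCOUNT_JWK)
    print(f'{record_name}. 300 IN TXT "{record_value}"')
```

The record has to be resolvable by the CA before the client tells the server the challenge is ready, so whichever client is used needs write access to the zone's TXT records.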