Usually every sub-domain needs a DNS entry to resolve to an IP. You created those?
Yes, I have a wildcard certificate for those.
Actually, looking at the docs, I can't see how to set the LE cert as the default one for all unknown subdomains:
```yaml
stores:
  default:
    defaultGeneratedCert:
      resolver: lets_encrypt_resolver
      domain:
        main: mydomain.com
        sans:
          # Quoted: an unquoted leading * is parsed by YAML as an alias
          - "*.mydomain.com"
```
The example only shows concrete domains specified in the `sans` field...
--
What do I need to do so that when I visit unknownsubdomain.mydomain.com, it does not show an HTTPS warning and instead redirects to mydomain.com, or anywhere else?
-- Edit: Solution is:
- Wildcard cert
- Redirect all http to https (I already had this)
- Low priority route that forwards everything to another domain via middleware
Here's the redirect router:
```yaml
redirectUnknownSubdomain:
  rule: PathPrefix(`/`)
  priority: 1
  entryPoints:
    - https
  middlewares:
    - redirectUnknownSubdomain
  service: redirectUnknownSubdomain
  tls:
    certResolver: lets_encrypt_resolver
    domains:
      - main: {{env "DOMAIN"}}
      - sans: '*.{{env "DOMAIN"}}'
```
and the redirect service:
```yaml
redirectUnknownSubdomain:
  loadBalancer:
    servers:
      - url: https://www.google.com
```
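
The post does not show the `redirectUnknownSubdomain` middleware that the router references. One way to define it, as an added example that is not the poster's configuration: it assumes Traefik v2's `redirectRegex` middleware in the file provider's `http.middlewares` section, and `www.example.org` is a placeholder target.

```yaml
# Added example, not from the original post.
http:
  middlewares:
    # The name matches the router's `middlewares` entry; the body is an assumption.
    redirectUnknownSubdomain:
      redirectRegex:
        # Match the whole request URL, whatever the host or path.
        regex: "^.*$"
        # Fixed target: the requested host and path are not carried over,
        # so the catch-all cannot be steered to an arbitrary destination.
        replacement: "https://www.example.org/"
        # Temporary redirect, so browsers do not cache it if a
        # real service is later deployed on that subdomain.
        permanent: false
```

Because the middleware answers with the redirect itself, the request never reaches the router's service; the service only has to exist for the router to be valid.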