In the .acme.sh directory there are a number of sub-directories, each named for a LE-certified domain.
Inside each there are two .conf files:
-
.acme.sh/mydomain.com/my.domain.com.conf
-
.acme.sh/mydomain.com/my.domain.com.csr.conf
Questions:
-
What are they each for?
-
Are they reporting what has been created by running acme.sh
--install(or--renew)? -
Or are they defining how acme.sh should process the next time it is run. (There are a number of posts in the LE forums suggesting they can and should be edited for this purpose).
-
If the answer is “defining”, how does editing them affect acme.sh’s renewal process? In other words, do you have to change the domains listed in both .conf files or just one? If only one, which one? Or should you never touch them and let acme.sh take care of them entirely.
-
Why is it that acme.sh seems to allow the bundling of multiple domains under one cert / master domain name, but not sub-domains which seem to get generated independently?
-
Is there a way to force subdomains to be bundled with the certificate that handles its respective domain?
-
What does acme.sh v2.8.6 do that makes cPanel recognize --renew(als)? In this marathon post (How to add a domain to an existing set of certs using acme.sh?) we worked out that
--deploy-hook cpanelgets acme and cPanel to play well together, but exactly how and why remains a mystery.