Alternative Names - certbot

IndyNaessens · November 11, 2019, 2:25pm

My domain is: indy-naessens.sb.uclllabs.be

I ran this command:
certbot --apache -d “indy-naessens.sb.uclllabs.be, secure.indy-naessens.sb.uclllabs.be, supersecure.indy-naessens.sb.uclllabs.be”

Everything is OK but I have the following task for one of my networking courses.

Use the certbot ACME client to generate a certificate for bla.sb.uclllabs.be with the following Subject Alt Names from the Let’s Encrypt CA (Certificate Authority):
secure.*
supersecure.*

The problem is that when looking at the alternative names here:
https://www.ssllabs.com/ssltest/analyze.html?d=indy-naessens.sb.uclllabs.be

I have the domain, secure and supersecure.
Is there a way to only have secure and supersecure there using certbot.

danb35 · November 11, 2019, 3:21pm

Do you see in the certbot command you ran the place where you specified the domain, secure.domain, and supersecure.domain? What do you think would happen if you specified only secure.domain and supersecure.domain?

rg305 · November 11, 2019, 6:12pm

In short, yes (there is a way).
But it requires splitting the reewnal request in two; so that you end up with two certificates.
Which sounds simple...
But depends on how your Apache vhost configs are setup.
The vhost configs would have to match the new grouped names.
OR
You could request "certonly" and deal with "which cert gets used where" manually.

system · December 11, 2019, 6:12pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.