Hey people. I’m working on figuring out the best way to implement letsencrypt into my web server. I’ve been poking around but still have some general questions:
First, it appears you can put many totally different domain names into one SAN certificate (as opposed to just doing subdomains of the same parent domain)? But I want to confirm this is correct.
Is there a limit to how many different items can be in one SAN certificate?
I’m guessing there is a limit, and that limit is probably pretty high. I currently have about 9 websites hosted on my server, and many of those sites have a rich array of subdomains. All have at least “@” and “www”. So there seem to me to be two logical ways to do this: I could put everything in one big certificate, OR I could do one certificate per domain, containing all of the subdomains. Are there reasons I would want to do it one way over another? Doing everything in one cert has the advantage of simpler scripts to manage. But not that much simpler.
Also, when I got my first cert, I see that it puts certs into /etc/letsencrypt/live/example.com/…
Where does it get “example.com” from? In other words, say I put example1.com and example2.com into a single cert, what will the path to that cert be? How is that determined?
Lastly for now, does certbot have a command to show all current certificates I have, and some info about them… particularly their expiration date?