Best practice for single cert covering multiple subdomains on different servers?


#1

Say I have

example.com
www.example.com

On Server A, and

git.example.com

On Server B, and

firewall.example.com

on Server C

Not all running the same server software and not all running a webserver. How do I include all relevant subdomains in one certificate in this case?


#2

I think the easiest would be using DNS, since you don’t have a webserver on all the servers.


#3

Cool, and that feature isn’t implemented into the letsencrypt client yet, is that correct? Assuming I use this to track the progress https://github.com/letsencrypt/letsencrypt/pull/2061?


#4

correct. It is already in some of the alternative clients though. I’m not fully sure which of the clients include the DNS option, but certainly https://github.com/lukas2511/letsencrypt.sh and https://github.com/srvrco/getssl do.


#5

Great, thanks for the help!