Can I use letsencrypt in more than one subdomain?


In short, it sounds like it, yes.

Have you aborted some of the attempts part way through ? if not, what commands are you running ?

#22 - just run a command following that instruction’s_Encrypt is look here (I didn’t see that any new cert been created).


the “Pending” state is where you have asked for a token to prove ownership of a domain, and then not told Let’s Encrypt it’s ready to be tested. So from the “Too Many Pending” I wouldn’t expect any certs issued - because the “pending” state is before that.

With only part of the log in your screen dump I can’t tell fully, It may be a bug in the ISPmanager script. I’d need the whole log to be certain, or you could ask the ISPmanager developer to take a look.


May be the problem that I’m using NGINX server rather that Apache?


Possibly, I don’t know the ISPmanager integration script, so I don’t know if that’s designed to run with nginx as well as apache or not.


Just a made a test the ISPmanager script created a folder … I tried created a file 1.txt -

it said:

404 Not Found

Something wrong file should be open ok?


Yes, something wrong there. That should open fine in the browser.

Have you got the “web root” directory correct ? ( i.e. the base folder for the domain, in your file structure, where the .well-known/acme-challenge/ folder should be ( and then the 1.txt file within it )


location ~ /.well-known {
allow all;

…looks like it solved issue

now its possible to access to 1.txt file. And I see that he have success to 40 alias (in my log) but for 41 alias it POPup with issue

May be somekind of firewall or DDOS protection on myserver block this?


It could be, yes. What’s the info immediately before the error ?


just re-run the command now 80 aliases are success and 81 is issued and certificates receiving process is stoped)…

And right now receive issue

so again wait 3 hours?


Again, I need the debug info from just before the error really, in order to determine more where the error is. It does seem to be doing things in an odd way - with all the registrations


We want to do DNS based load balancing for ~ 2500 webradio streams and want to use one (sub-)subdomain per radio station. Is there any news concerning wildcard certificates?


  1. Yes, just include all the domains with separate -d options. If you are using a new enough version of certbot, there is a --delete flag you can use. Or you can manually remove all reference to it in /etc/letsencrypt



I don’t have the post in front of me, but last I read, they weren’t planning on supporting wildcard certificates (anytime soon anyway)


That’s (really) a pitty. :frowning: (very, very much until it’s 20 chars)


Make sure you use --cert-name option

For example:

--cert-name mycertname

To see your certificate name, run certbot-auto certificates

Full example:

certbot-auto certonly --cert-name --renew-by-default -a webroot -n --expand --webroot-path=/usr/share/nginx/html \
-d \
-d \
-d \
-d \


In case you folks haven’t seen the good news yet:


Awesome to know in January is coming the Wildcard Certificates! Great help guys! Thanks a lot everyone!

This is the best from letsencrypt the awesome support you guys give! Its amazing! Thanks again!