Hello community,
I'm trying to get an automated way, via certbot, to duplicate certificates. DigiCert has a 'duplicate' option with its certificates, where you can order one cert and duplicate it (assuming the common and SAN names don't change). This is our case, as we have a wildcard cert that we deploy to a lot of different servers. The 'duplicate' feature is nice, as it effectively allows us to have the same cert on many servers, but each server would have its own private key.
However, I'm running into roadblocks with this functionality and certbot. The --duplicate option that certbot has appears to only work with certs that it itself has generated. In this case I'll already have the origin cert created, so I don't believe this will work.
Does anyone have any experience with this or know if it's even possible? I know DigiCert provides its own API for doing duplicates, but I was hoping to have certbot manage the cert/renewals etc.
I'm using certbot version 1.10.1 on CentOS 7.