Certbot Auto-renew w/ Multiple Domains


#1

Thanks so much in advance for the help. I have just discovered Certbot (and particularly the easy renewal) and would love to use it on a server where I host multiple projects. It’s unclear whether this functions as I need it to.

When I run the renewal script as a dry run (./certbot-auto renew --dry-run) I get the following output:

Congratulations, all renewals succeeded. The following certs have been renewed:

/etc/letsencrypt/live/subdomain.site1.com/fullchain.pem (success)
/etc/letsencrypt/live/site1.com/fullchain.pem (success)
/etc/letsencrypt/live/www.site1.com/fullchain.pem (success)
/etc/letsencrypt/live/subdomain.site2.com/fullchain.pem (success)
/etc/letsencrypt/live/site2.com/fullchain.pem (success)
/etc/letsencrypt/live/www.site2.com/fullchain.pem (success)

[etc]

When I set these up, I did so with groupings by site ie. all site1.com domains share the same certificate, all site2.com domains share the same certificate, etc.

My question: if I run ./certbot-auto renew --quiet --no-self-upgrade (as recommended here) will all of my sites be renewed under a single certificate (not what I want) or will each existing certificate be renewed (what I want)?

Hoping to have a single cronjob line renew all certificates individually, automatically. Thanks!


#2

Hi @rsefer, the renew verb attempts to renew each individual certificate that you have installed (if it’s time to do so), without any changes. It doesn’t attempt to combine them or alter the associated certificate coverage at all. So the existing functionality is probably what you want.


#3

Thanks @schoen! I was hesitant to try this without asking - seems to be working fine.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.