Certbot.exe certonly --standalone does not produce desired outcome

certbot.exe certonly --standalone does not produce desired outcome. i require 9 different domain certificates that are independent of each other. IE only shows domain1.com and www.domain1.com
Also i like to specify where this file is saved. the default is "C:\root\Certbot". I want to change this.
i am a newbie.....so after a 100 hours of trial and error, i am asking for help. Thank you in advance for your help.
domain1.com + www.domain1.com
domain2.com + www.domain2.com
domain3.com + www.domain3.com
1st attempt: certbot.exe certonly used same email on all accounts....functional but no separation of domains
2nd attempt: certbot.exe certonly used different email for each accounts....merged all 9 certbot folders...ssl were non functional
of course did not learn of test mode...so the whole thing took 10 days due to time outs.
thanks again for any valued insight

1 Like

so this worked to change location..for domain1.com + www.domain1.com
certbot.exe certonly --standalone --config-dir "C:/xxxxx/Certbot/zzzzz" --work-dir "C:/xxxxx/Certbot/zzzzz/lib" --logs-dir "C:/xxxxx/Certbot/zzzzz/log"
now how do i add 8 more ie: domain2.com + www.domain2.com separate of all the other domains?

Subject Alt Names...shows
domain1.com
www.domain1.com
now how do i add 8 more ie: domain2.com + www.domain2.com separate of all the other domains?

See the -d option in the Certbot documentation.

3 Likes

yes thanks ...All domains will be included as Subject Alternative
Names on the certificate. The first domain will be used as the certificate name, unless
otherwise specified or if you already have a certificate with the same name.

i do not want any inclusion nor any inter association between the domains....so it does not work

1 Like

Then get separate certs for each separate domain.

3 Likes

just tried save each domain to separate local ie --config-dir "C:/xxxxx/Certbot/domain1.com/zzzzz" and --config-dir "C:/xxxxx/Certbot/domain2.com/zzzzz" with different emails ...did not work...then reached limit again..guess we do a redo next week...thanks 4 yur reply

hello rg305............that is exactly what i am trying to do

Each certbot certonly --standalone ... command creates one cert with the domains listed in the -d options

Just issue another command with different -d options for a separate cert

Once you have all your certs you can use certbot renew to renew them all.

4 Likes

tried all that, merged folders...used different accounts and emails...changed certbot default folder location..hence the time out....after last attempt via unique folder change only the last domain is working out of 4 domains that did get changed...now back to time out.....will try diff ips on the next go around, with diff folder and emails .......setup certainly not KISS ......not opposed to pay someone to setup...thanks 4 reply

I think you have made this all much harder than it normally is with your "merged folders", "different accounts" and on and on. It is really quite straight-forward if you use it as it is intended.

You might try an ACME Client designed for windows. The Certify The Web is a gui which many people find very easy to use.

6 Likes

Given you are on a Windows Operating System perhaps another ACME would suit your needs better.

3 Likes

I don't really understand.. With the default settings, Certbot can be run multiple times, each time for a different certificate. You can specify the name of the certificate (just internally for Certbot) with the --cert-name if you want, otherwise Certbot would just use the first -d entry as the name.

No need for manually messing around with the folders et cetera.

4 Likes
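
The approach described in the replies above (one `certbot certonly` run per site, named with `--cert-name`), as an added example that is not part of the original thread. The e-mail address and the `-Issue` switch are assumptions for illustration, and standalone mode needs port 80 free while it runs.

```powershell
# Added example: one independent certificate per site, each covering only
# the apex name and its www name. Without -Issue every request is a --dry-run
# (staging, nothing saved), so mistakes do not count against production limits.
param(
    [switch]$Issue   # hypothetical switch: pass -Issue to request real certificates
)

$Email = 'admin@example.com'                          # placeholder contact address
$Sites = 'domain1.com', 'domain2.com', 'domain3.com'  # extend to all nine sites

foreach ($site in $Sites) {
    $certbotArgs = @(
        'certonly', '--standalone',
        '--non-interactive', '--agree-tos', '-m', $Email,
        '--cert-name', $site,           # Certbot's internal name for this certificate
        '-d', $site, '-d', "www.$site"  # the only Subject Alt Names on this certificate
    )
    if (-not $Issue) { $certbotArgs += '--dry-run' }

    Write-Host "==> $site"
    & certbot.exe @certbotArgs
    if ($LASTEXITCODE -ne 0) {
        # Stop at the first failure instead of retrying into a rate limit.
        Write-Error "certbot failed for $site (exit code $LASTEXITCODE); stopping."
        exit $LASTEXITCODE
    }
}

if ($Issue) {
    # Lists every certificate name with its domains and expiry date.
    & certbot.exe certificates
}
```

All certificates share the default config directory and one account; `certbot renew` then renews each of them separately.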

tried ACME windows..not able to find "WinCertes.exe"...i guess i am off to chatgpt for answers....thanks 4 feed back...will post resolve if there is one

2 Likes

chatgpt says:
To set up multiple domains with Certbot on Apache, each domain being independent and not linked to one another or any reference to one another and different accounts, you can follow these steps:

Install Certbot: Follow the official Certbot installation guide for your operating system to install Certbot on your server.

Obtain SSL certificates for each domain: Run the following command for each domain separately:

certbot certonly --webroot -w /var/www/example1 -d example1.com -d www.example1.com
Replace /var/www/example1 with the webroot directory for the specific domain. Specify the domain(s) using the -d flag. Repeat this step for each domain, providing the appropriate webroot directory and domain names.

Configure Apache for each domain: For each domain, you'll need to configure Apache to use the SSL certificates.

Create a separate virtual host file for each domain. For example, you can create a file named example1.conf in the Apache sites-available directory with the following content:

<VirtualHost *:80>
    ServerName example1.com
    ServerAlias www.example1.com
    DocumentRoot /var/www/example1
    Redirect permanent / https://example1.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example1.com
    ServerAlias www.example1.com
    DocumentRoot /var/www/example1
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example1.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example1.com/privkey.pem
</VirtualHost>

Adjust the paths, server names, and document roots accordingly for each domain. Repeat this step for each domain, creating separate virtual host files.

Enable the virtual hosts: Use the a2ensite command to enable each virtual host. For example:

sudo a2ensite example1.conf
Repeat this step for each domain's virtual host.

Restart Apache: After enabling the virtual hosts, restart Apache to apply the changes:

sudo service apache2 restart
Apache will now serve each domain independently with its own SSL certificate.

Remember to periodically check for certificate renewals and update the Apache configuration if necessary.

pending testing

hello Osiris.....when you inspect your domain cert espc the altn location this is based on you having more than 1, does it say domain1.com, www.domain1.com or
domain1.com
www.domain1.com
domain2.com
www.domain2.com
domain3.com
www.domain3.com so forth
ths 4 yur reply

I don't understand a word of what you just said, sorry.

3 Likes

Which web server are you trying to get a certificate for? Is it IIS or Apache, or something else?

If IIS try installing https://certifytheweb.com then click New Certificate > select your IIS site, select Request Certificate.

[There is also win-acme, surprised that didn't come up in your search]

2 Likes

hello webprofusion i am on apache 2.4.57-win64-VS17.....thanks 4 yur reply.......i had to turn the clock back due to some underlying issues....so my main issue right now is
"Lets Encrypt activate HTTPS on port 443 and redirect all requests HTTP 80 to HTTPS 443" whats the cmd for 443 only
i do not recall in my 1k attempts that LE ever ask me to redirect all traffic on port 80 to port 443...looked at cmd help nothing jumps out...thks in advance

found it....--no-redirect

If you use HTTP validation (which most people do) then Let's Encrypt will check your domain challenge response on port 80 (http), it will follow any redirects to https etc but it will not use port 443 for http validation, port 80 must be open to use http validation

If you are using certbot in standalone mode (not validating via Apache) it will start its own little webserver just to answer the http challenge, so you don't need to have apache listening on port 80 (if Apache is listening on port 80 then the port won't be free for certbot to use).

Alternatives:

  • You could possibly use tls-alpn-01 validation if you don't want to open port 80.
  • You could use DNS validation instead
3 Likes