certbot.exe certonly --standalone does not produce desired outcome. i require 9 different domain certificates that are independent of each other. IE only shows domain1.com and www.domain1.com
Also i like to specify where this file is saved. the default is "C:\root\Certbot". I want to change this.
i am a newbie.....so after a 100 hours of trial and error, i am asking for help. Thank you in advance for your help.
domain1.com + www.domain1.com
domain2.com + www.domain2.com
domain3.com + www.domain3.com
1st attempt: certbot.exe certonly used same email on all accounts....functional but no separation of domains
2nd attempt: certbot.exe certonly used different email for each accounts....merged all 9 certbot folders...ssl were non functional
of course did not learn of test mode...so the whole thing took 10 days due to time outs.
thanks again for any valued insight
so this worked to change location..for domain1.com + www.domain1.com
certbot.exe certonly --standalone --config-dir "C:/xxxxx/Certbot/zzzzz" --work-dir "C:/xxxxx/Certbot/zzzzz/lib" --logs-dir "C:/xxxxx/Certbot/zzzzz/log"
now how do i add 8 more ie: domain2.com + www.domain2.com separate of all the other domains?
Subject Alt Names...shows
domain1.com
www.domain1.com
now how do i add 8 more ie: domain2.com + www.domain2.com separate of all the other domains?
See the -d option in the Certbot documentation.
yes thanks ...All domains will be included as Subject Alternative
Names on the certificate. The first domain will be used as the certificate name, unless
otherwise specified or if you already have a certificate with the same name.
i do not want any inclusion nor any inter association between the domains....so it does not work
Then get separate certs for each separate domain.
just tried save each domain to separate local ie --config-dir "C:/xxxxx/Certbot/domain1.com/zzzzz" and --config-dir "C:/xxxxx/Certbot/domain2.com/zzzzz" with different emails ...did not work...then reached limit again..guess we do a redo next week...thanks 4 yur reply
hello rg305............that is exactly what i am trying to do
Each certbot certonly --standalone ... command creates one cert with the domains listed in the -d options.
Just issue another command with different -d options for a separate cert.
Once you have all your certs you can use certbot renew to renew them all.
tried all that, merged folders...used different accounts and emails...changed certbot default folder location..hence the time out....after last attempt via unique folder change only the last domain is working out of 4 domains that did get changed...now back to time out.....will try diff ips on the next go around, with diff folder and emails .......setup certainly not KISS ......not opposed to pay someone to setup...thanks 4 reply
I think you have made this all much harder than it normally is with your "merged folders", "different accounts" and on and on. It is really quite straight-forward if you use it as it is intended.
You might try an ACME Client designed for Windows. Certify The Web is a GUI which many people find very easy to use.
Given you are on a Windows Operating System perhaps another ACME client would suit your needs better.
I don't really understand.. With the default settings, Certbot can be run multiple times, each time for a different certificate. You can specify the name of the certificate (just internally for Certbot) with the --cert-name if you want, otherwise Certbot would just use the first -d entry as the name.
No need for manually messing around with the folders et cetera.
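The approach described in the replies above (one certbot run per site, default folders, one certificate name per site), written out as an added example that is not part of any participant's post. It assumes certbot.exe is on PATH, that port 80 is free for standalone mode, and that the default configuration directory is used; domain1.com, domain2.com and domain3.com are the thread's placeholders.

```powershell
# Added example (not from the thread): issue one independent certificate per
# site. Each certificate carries only its own two Subject Alternative Names.
# Assumptions: certbot.exe is on PATH, default config directory, port 80 free.

$certbot     = 'certbot.exe'
$apexDomains = @('domain1.com', 'domain2.com', 'domain3.com')   # placeholders

# Start with a dry run: certbot talks to the staging environment, saves
# nothing, and failed attempts do not count against production rate limits.
# Set to $false only after every site passes the dry run.
$DryRun = $true

foreach ($apex in $apexDomains) {
    $certArgs = @(
        'certonly', '--standalone',
        '--cert-name', $apex,      # internal name; keeps each cert separate
        '-d', $apex,
        '-d', "www.$apex"
    )
    if ($DryRun) { $certArgs += '--dry-run' }

    & $certbot @certArgs

    # Stop at the first failure instead of burning further attempts.
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "certbot failed for $apex; fix this before continuing."
        break
    }
}

# After a real run, list each certificate name with the domains it covers.
if (-not $DryRun) { & $certbot certificates }
```

Every certificate lands under the same configuration directory in its own folder named after `--cert-name`, so a single `certbot renew` covers all of them without merging or splitting folders.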
tried ACME windows..not able to find "WinCertes.exe"...i guess i am off to chatgpt for answers....thanks 4 feed back...will post resolve if there is one
chatgpt says:
To set up multiple domains with Certbot on Apache, each domain being independent and not linked to one another or any reference to one another and different accounts, you can follow these steps:
Install Certbot: Follow the official Certbot installation guide for your operating system to install Certbot on your server.
Obtain SSL certificates for each domain: Run the following command for each domain separately:
certbot certonly --webroot -w /var/www/example1 -d example1.com -d www.example1.com
Replace /var/www/example1 with the webroot directory for the specific domain. Specify the domain(s) using the -d flag. Repeat this step for each domain, providing the appropriate webroot directory and domain names.
Configure Apache for each domain: For each domain, you'll need to configure Apache to use the SSL certificates.
Create a separate virtual host file for each domain. For example, you can create a file named example1.conf in the Apache sites-available directory with the following content:
<VirtualHost *:80>
ServerName example1.com
ServerAlias www.example1.com
DocumentRoot /var/www/example1
Redirect permanent / https://example1.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example1.com
ServerAlias www.example1.com
DocumentRoot /var/www/example1
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example1.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example1.com/privkey.pem
</VirtualHost>
Adjust the paths, server names, and document roots accordingly for each domain. Repeat this step for each domain, creating separate virtual host files.
Enable the virtual hosts: Use the a2ensite command to enable each virtual host. For example:
sudo a2ensite example1.conf
Repeat this step for each domain's virtual host.
Restart Apache: After enabling the virtual hosts, restart Apache to apply the changes:
sudo service apache2 restart
Apache will now serve each domain independently with its own SSL certificate.
Remember to periodically check for certificate renewals and update the Apache configuration if necessary.
pending testing
hello Osiris.....when you inspect your domain cert espc the altn location this is based on you having more than 1, does it say domain1.com, www.domain1.com or
domain1.com
www.domain1.com
domain2.com
www.domain2.com
domain3.com
www.domain3.com so forth
ths 4 yur reply
I don't understand a word of what you just said, sorry.
Which web server are you trying to get a certificate for? Is it IIS or Apache, or something else?
If IIS try installing https://certifytheweb.com then click New Certificate > select your IIS site, select Request Certificate).
[There is also win-acme, surprised that didn't come up in your search]
hello webprofusion i am on apache 2.4.57-win64-VS17.....thanks 4 yur reply.......i had to turn the clock back due to some underlying issues....so my main issue right now is
"Lets Encrypt activate HTTPS on port 443 and redirect all requests HTTP 80 to HTTPS 443" whats the cmd for 443 only
i do not recall in my 1k attempts that LE ever ask me to redirect all traffic on port 80 to port 443...looked at cmd help nothing jumps out...thks in advance
found it....--no-redirect
If you use HTTP validation (which most people do) then Let's Encrypt will check your domain challenge response on port 80 (http), it will follow any redirects to https etc but it will not use port 443 for http validation, port 80 must be open to use http validation.
If you are using certbot in standalone mode (not validating via Apache) it will start its own little webserver just to answer the http challenge, so you don't need to have apache listening on port 80 (if Apache is listening on port 80 then the port won't be free for certbot to use).
Alternatives:
- You could possibly use tls-alpn-01 validation if you don't want to open port 80.
- You could use DNS validation instead