Certbot Shell - where/how do you define the subdomain & domain


#1

Looking into using automated certbot. My host name is not the same as my domain. I’m wondering how my subdomain.domain.com is defined when using the automated shell scripts.

Can I just wildcard it so the one cert will work on a couple of my subdomains, so I won’t have to run 2 or 3 shells for each subdomain?


#2

Which part of the process are you trying to automate?
certbot already does a pretty good job of setting things up for automated renewals…
Once you have obtained your certs, all you should have to do is run certbot renew
And possibly some hooks (like: --deploy-hook)


#3

I guess I’m a little confused as to how to set it up.

Do I get the cert manually first, set it up in my Apache site conf file and then certbot takes over, or do I need to add the domain name to some certbot conf file?


#4

Reading through the user’s guide now


#5

Hi,

You can do it either way.

certbot certonly will let you enter the domain name you want to request a certificate for, and you need to install it yourself manually. (Paste into the Apache vHost, reload Apache, etc.)

certbot --apache will let you choose from a list of vHosts (that have a domain) and request & install the certificate automatically. (Which means less work for you.)

However, if you want to request wildcard certificates, run certbot certonly or certbot manual (since you would need to request the certificate using DNS validation), and you would need to determine if your DNS provider supports an API (and if certbot could automate with your DNS provider).

Thank you
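
An added example, not part of the thread and not certbot's own code: the names a certificate covers are given with `-d`, and a wildcard name forces DNS validation. The sketch below only prints the command it would run; `example.com` and the helper names `is_wildcard`, `covers` and `certbot_cmd` are assumptions made for illustration.

```shell
#!/bin/sh
# Builds (does not run) a certbot command line for a set of names.

# is_wildcard NAME -> status 0 if NAME looks like *.example.com
is_wildcard() {
    case "$1" in
        '*.'*) return 0 ;;
        *)     return 1 ;;
    esac
}

# covers CERTNAME HOST -> status 0 if the certificate name covers HOST.
# A wildcard matches exactly one extra label: *.example.com covers
# www.example.com, but neither example.com nor a.b.example.com.
covers() {
    cert=$1
    host=$2
    if is_wildcard "$cert"; then
        base=${cert#\*.}
        case "$host" in
            *."$base") label=${host%."$base"} ;;
            *)         return 1 ;;
        esac
        case "$label" in
            ''|*.*) return 1 ;;
            *)      return 0 ;;
        esac
    fi
    [ "$cert" = "$host" ]
}

# certbot_cmd NAME... -> prints the certbot invocation for these names.
# Any wildcard switches to certonly with the manual plugin and a DNS
# challenge; otherwise the Apache plugin requests and installs in one step.
certbot_cmd() {
    mode="--apache"
    args=""
    for name in "$@"; do
        if is_wildcard "$name"; then
            mode="certonly --manual --preferred-challenges dns"
        fi
        args="$args -d '$name'"
    done
    printf 'certbot %s%s\n' "$mode" "$args"
}

# Constructed sample names (example.com is a placeholder domain).
certbot_cmd www.example.com mail.example.com
certbot_cmd '*.example.com' example.com
```

Because the wildcard does not cover the bare domain, both `*.example.com` and `example.com` are passed as separate `-d` names on the one certificate.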


#6

You only need to get the cert correctly.
In the most desirable way - like without having to stop and then start your web service.
Get that process right and every renewal will be done the exact same way.


#7

Thanks for the reply - The server is not hosted; it’s behind my router. I run a few on different ports.

I like the automated idea - will have to read more


#8

Seems like wildcards have to be done manually - Automation would be nice since it has to be done every 30 days


#9

Hi,

Correction: it’s every 90 days (same length as a regular LE certificate).

Thank you


#10

oops yeah 90 days - my bad


#11

The manual actually depends on how you host your DNS…

Can you share your domain name with us (or simply tell us your DNS provider)?

Thank you


#12

Domain and DNS are with GoDaddy: disorbo.us

I was thinking of going with SSLForFree but again I’d like to automate if possible.

So I’d get a *.disorbo.us and disorbo.us cert and then use that on the couple of HTTPS servers that I have behind my router.


#13

@DoubleD

Good news…

Take a look at this extension.

This is the one you need.


#14

Thanks, I also have one with Network Solutions

Maybe I’ll just do it with SSLForFree.com and go the manual route


#15

If you don’t automate the process, I can assure you that 90 days will come by a lot quicker than you would think - LOL


#16

Yeah I know - and having a 1/2 dozen servers (personal and some at work) will compound it :scream:


#17

True. But you only need to solve the riddle once.

(hopefully you can and will)


#18

Yeah true - I’m going to try it (certbot) with a little-used server at work which I already installed certbot on but never tried running it. I did create a wildcard with SSLForFree.com and installed it. I also plan on inserting the wildcard into a Lotus Notes server running on Windows.


#19

Sounds like someone needs to look into an acme-dns instance.


#20

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.