I have several subdomains that I have certificates for. When I expand my certificates to cover all the subdomains, it seems like LetsEncrypt randomly chooses a subdomain to display for the certificate.
It randomly chooses hello.domain.com to display on the certificate. This doesn’t really make sense. I would like it to display domain.com.
I have tried updated the /etc/letsencrypt/renewal/domain.conf file. I put domain.com first in the list of domains, but that did not do anything.
I also tried deleting all my other certificates. Restarting with just a certificate for domain.com. Then going back and expanding it out. That did not work either. Still displays a subdomain on the certificate that doesn’t really make sense and shouldn’t be there.
Yes thanks, that does look like my issue. It looks like it’s considered more of a “feature” than an issue though.
Right now when someone clicks to view the certificate, they see a subdomain that is internally used. So that is confusing. If there is no way to order these SAN’s ( or choose the one shown by the cert ). I may have to go back to using a single certificate for each subdomain.
@eolson, I think it is possible that Boulder will be changed to stop having this behavior, but it doesn’t look like there has been concrete work toward that yet. It might be helpful if you could comment on the GitHub issue (or I can comment for you if you’d like me to).