Configuring groups of domains for auto renewal

I am trying to set up certbot such that I have 3 or 4 groups of domains and subdomains. I am a bit lost as to how to group them. I was able to group them in the past but when I run “certbot” for a renewal it merges all domains under a single certificate. So I probably did it wrong somehow.

I wish to re-segregate and configure auto renewals to avoid this problem. When I run certbot it would renew the individual certificates without merging them.

I am running this on nginx which has multiple config files.

Hi @White_Cat

That happens if you start Certbot interactively and select that option. Then one certificate with all domain names is created.

Start Certbot manually and use the -d flag.

certbot -d example.com -d www.example.com

Then the next domain. So you have different certificates with a smaller number of domain names. renew doesn't change that.

https://certbot.eff.org/docs/using.html

I kind of want to avoid using the -d flag individually in that manner. I also want to avoid micromanaging domains and subdomains within a group.

The nice thing about the certbot interactive command is not only does it renew certificate(s) that need renewing but it automatically adds (sub)domains as needed.

Is there a way to automate this process such that it can pull domains and subdomains from pre-selected nginx config files?

That sounds like a feature request.

Certbot is already doing autorenewals.
Now you are asking for it to autoconfigure the autorenewals.

[doesn't hurt to ask, but, to me, sounds overly burdening & a complete bypass of admin duty/diligence]

Then create the script you want.

Fair enough, I thought there was a native way to do this but evidently not.

So I am writing the bash script (first real bash script in eons for me) but I am a bit spoiled by the interactive options as I am trying to automate them.

So I have certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini --redirect --cert-name myfakedomain.com

This acquires the certificate, presumably creates the HTTPS redirects per the --redirect tag but it does not modify the nginx config files at all in a manner the interactive options would ask to do. Am I missing something?

I also read about an --installer tag but that complains about expecting one argument when I use it.

Maybe it’s expecting a command like run instead of certonly (read the certbot docs :wink:)

And, oh, obviously, it wants to know which installer to use.

That’s right—if you want to be able to use --installer then you should have run (or simply no verb) rather than certonly. In this case it could be, for example, --installer nginx to use the nginx installer.
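
The script suggested in this thread could look like the following. This is an added example, not code from any poster or from the Certbot project. It assumes each nginx config file passed to it holds exactly one group of domains, that the first server_name in the file becomes the --cert-name, and that the credentials path is the one quoted above; the sample config is constructed. It only prints the certbot commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Added example: print one certbot command per nginx config file (one file = one group).
CREDS=/etc/letsencrypt/cloudflare.ini   # credentials path quoted in the thread

# List the unique names from every server_name directive in file $1.
# Comments, the catch-all "_", regex names (~...) and leading-dot names are skipped.
nginx_server_names() {
    sed 's/#.*//' "$1" | tr '\t\n' '  ' | tr ';{}' '\n\n\n' |
        awk '$1 == "server_name" {
                 for (i = 2; i <= NF; i++)
                     if ($i != "_" && $i !~ /^[~.]/ && !seen[$i]++) print $i
             }'
}

# Build (do not run) the certbot command for the group in file $1.
# Assumption: the first server_name in the file is used as --cert-name.
certbot_command_for() {
    names=$(nginx_server_names "$1")
    [ -n "$names" ] || { echo "no server_name found in $1" >&2; return 1; }
    cert_name=$(printf '%s\n' "$names" | head -n 1)
    domains=$(printf '%s\n' "$names" | sed 's/^/-d /' | tr '\n' ' ')
    printf 'certbot run --installer nginx --authenticator dns-cloudflare --dns-cloudflare-credentials %s --cert-name %s %s\n' \
        "$CREDS" "$cert_name" "${domains% }"
}

# Constructed sample config for trying the functions offline.
sample_conf() {
    cat <<'EOF'
server {
    listen 80;
    server_name shop.example.com www.shop.example.com;  # constructed sample
}
server {
    listen 443 ssl;
    server_name shop.example.com
                api.shop.example.com _;
    # server_name old.example.com;
}
EOF
}

# Usage: sh group-certs.sh /etc/nginx/conf.d/shop.conf /etc/nginx/conf.d/blog.conf
for conf in "$@"; do certbot_command_for "$conf"; done
```

Because --cert-name stays the same for a given file, re-running the printed command after adding a server_name to that file updates that one certificate rather than merging groups.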
