Creating a single certificate for 2 different domain

My domain is:,

I ran this command: certbot certonly --standalone -d -d

It produced this output: Challenge failed.

My web server is (include version): N/A

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: Azure

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): N/A

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0-1ubuntu0.1

When I try to create a cert for separate domain, it is working fine.

Please post the logfile; also you could retry the command with the option --debug to see and share more details.

1 Like

Here is where the error occurred.

2023-03-29 07:09:46,741:DEBUG:acme.client:Storing nonce: 15C9_I2NqAga8BfwwZsSR48ULiomZl_XfJM6rj47c0q8Dis
2023-03-29 07:09:46,742:WARNING:certbot.auth_handler:Challenge failed for domain
2023-03-29 07:09:46,742:INFO:certbot.auth_handler:http-01 challenge for
2023-03-29 07:09:46,743:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Type:   connection
Detail: Fetching Connection refused

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP add>
2023-03-29 07:09:46,743:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

I see two different IPs:



Using --standalone, you can only get a cert for names that resolve to the IP of the server.


Oh I see. Is there any other workaround so I can create a single cert for 2 domain?

Yes; When using DNS-01 authentication one can get a cert for any domain name(s) under their control.
[up to 100 entries per cert (when using LE certificates)]

That said, how would you use the cert for a name that doesn't resolve to the local server IP?
I mean if you have two servers, then there needs to be two certs anyway.
Yes, you can create one cert with both names on it.
But then you would have to create some way of sharing that cert between them.
[overcomplicating a very simple process]

I would suggest that you keep things as simple as possible and treat each system independently.


How did you get both certificates separately in the first place? Also on separate servers, as the IP addresses differ? Or are both IP addresses from the same server?


I used the --standalone. Yes the IP Addresses differ across the 2 VMs.

Could you temporarily point the DNS for the second one to the IP where --standalone is running? Then, change the IP back after getting the cert.

I see the domain names have "test" in them so I thought this might work.

You don't have to wait for propagation because Let's Encrypt servers use the authoritive DNS name servers to determine the IP. The changed IP just has to sync between all the auth DNS servers which usually is very fast.


You could also make a single specific host responsible for the certificates and redirect requests for the path /.well-known/acme-challenge/ to that specific host.

You'd need to securely transfer the certificate on that host to the other host(s) obviously afterwards.


I must ask:
Why do you need one cert with two names [that don't both resolve to the local IP]?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.