I am using a Let's Encrypt certificate for a domain. I used the following command to generate the certificate:
sudo certbot -i apache -a manual --preferred-challenges dns -d www.XXXXX.in
I want to use different certificates for subdomains. Please let me know how I can generate the certificate for a domain so that it will not affect the subdomain's certificate (to prevent the same domain certificate in the subdomain).
Yes? Yes to the example?
Is that example exactly what you are trying to do?
I understand about you wanting two certs…
But I don’t understand when you try to explain it all in just one sentence:
In short - “I need diff certs: 1 for purpose A and 1 for purpose B as well as A’s cert should only work for A”
Regardless if A and B are similar certs (or not), Cert A will always only work for purpose A and only A.
You may be trying to describe some “overlap”, but I’m just not understanding.
Please try to show exactly what you want more clearly.
As I did in my example.
Include as much detail as possible.
If you just run Certbot once for each domain, it will issue separate certificates.
sudo certbot -i apache -a manual --preferred-challenges dns -d b.example.org
sudo certbot -i apache -a manual --preferred-challenges dns -d a.example.org
So I want to generate one Let's Encrypt certificate to authorise all the subdomains' SSL connections. Can I get the required certificate after running the following command:
sudo certbot -i apache -a manual --preferred-challenges dns -d example.org
The base domain certificate covering example.org is not a wildcard certificate and does not apply to subdomains. As others have explained, you can request a wildcard certificate only using the ACMEv2 server and a newer version of Certbot.
If you know all of the subdomains ahead of time and you simply want to list them in a single certificate, you can use the form that @_az gave
This works with older versions of Certbot and produces a certificate covering six specific subdomains, rather than a wildcard.
Using -a manual like this can be inconvenient because it won't support automatic renewal (when the certificate is going to expire, you'll have to run the same command again and perform the same authentication steps manually again).
Maybe @sahsanu's post could have been more explicit on this point:
... if your certbot version is older than that, your version of certbot is completely incapable of requesting a wildcard certificate and needs to be upgraded to a newer version.
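The coverage rules discussed in this thread, as an added example that is not part of any poster's reply: a small Python check of which hostnames a given certificate name list covers, using the RFC 6125 rule that a wildcard stands for exactly one leftmost label. The function names are hypothetical and the hostnames (including `deep.a.example.org`) are constructed sample values.

```python
# Added example (not from the thread): which hostnames does a certificate's
# list of names (its subjectAltName entries) actually cover?

def san_matches(san: str, host: str) -> bool:
    """True if one certificate name covers one hostname (RFC 6125 rules)."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    # A name never covers a host with a different number of labels, so
    # example.org does not cover a.example.org, and *.example.org covers
    # neither example.org nor deep.a.example.org.
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # The wildcard replaces exactly one non-empty leftmost label.
        return host_labels[0] != "" and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def covered_hosts(cert_names, hosts):
    """Return the subset of hosts that the certificate is valid for."""
    return [h for h in hosts if any(san_matches(n, h) for n in cert_names)]


# Constructed sample hostnames for the checks below.
HOSTS = ["example.org", "a.example.org", "b.example.org", "deep.a.example.org"]

# Constructed name lists, one per kind of certificate discussed above.
CERTS = {
    "base domain only": ["example.org"],
    "separate cert for a": ["a.example.org"],
    "separate cert for b": ["b.example.org"],
    "listed names": ["example.org", "a.example.org", "b.example.org"],
    "wildcard": ["*.example.org"],
}

if __name__ == "__main__":
    for label, names in CERTS.items():
        print(f"{label:22} -> {covered_hosts(names, HOSTS)}")
```
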