Generate a cert having two domains and also using CSR

Aim:
Need to generate a certificate from LE using certbot, which should support two domains and also will use the csr generated by our enterprise for the same

For instance
2 domains are - “proxy.abc.net” and “*.proxy.abc.net” (with and without wildcard “*”)
CSR has the above 2 domains in its SAN list.

But when I tried to generate the cert using the Certbot command:
certbot certonly --preferred-challenges dns --manual --manual-auth-hook <pre_hook_script>
–server <local_boulder_server> -d “proxy.akaetp.net” --csr <path_to_csr_file>
–register-unsafely-without-email --manual-public-ip-logging-ok --agree-tos

Noticed the following Error:
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: /etc/letsencrypt/live/csr.pem

Can you please help in resolving the same. Blocked at this point. Thanks in advance.

1 Like

Hi @sdivyareddy216

if Certbot answers with such a message,

your command is wrong.

So share your complete command.

Maybe a typo or a problem of that forum software:

–server

is wrong, must be

--server
2 Likes

You must use DNS authentication for WildCard cert.
And I do see that you are trying to do that… but without sharing the actual command you typed, it is nearly impossible to guess what is typed incorrectly.

1 Like

@JuergenAuer may be right:

[one single wide character]

doesn't equal "--"
[two dashes]

1 Like

Sorry, it was a typo here.

Sorry, it was a typo here, but in general I’m trying to do it with a double hyphen

Use ``` to start a new row, then the code, then a second row with these three accents.

Hi @JuergenAuer, I actually use subprocess from Python to run the certbot command

subprocess.run(["certbot", "certonly", "--preferred-challenges",
                                       "dns", "--manual", "--manual-auth-hook", <path to prehook>,
                                       "--server", <local boulder server>,
                                       "-d", "proxy.abc.net"
                                       "--csr", <path to csr>, "--register-unsafely-without-email",
                                       "--manual-public-ip-logging-ok", "--agree-tos"])
1 Like

There's no comma after "proxy.abc.net", so Python combines the string literals into "proxy.abc.net--csr".

3 Likes

Thanks @mnordhoff, it worked.

2 Likes
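The missing-comma mistake identified in the answer above can be caught before the command is ever run. The following is an added example, not code from the thread or from Certbot: it scans Python source for adjacent string literals inside brackets and shows what the argument list really evaluates to. The hook path, server URL and CSR path in the sample are placeholder assumptions.

```python
import ast
import io
import tokenize

# Constructed sample modelled on the argv list in the thread. The hook path,
# server URL and CSR path are placeholder assumptions, not values from the page.
BUGGY = '''argv = ["certbot", "certonly", "--preferred-challenges",
        "dns", "--manual", "--manual-auth-hook", "/path/to/hook.sh",
        "--server", "https://boulder.example/directory",
        "-d", "proxy.abc.net"
        "--csr", "/path/to/csr.pem", "--agree-tos"]
'''
FIXED = BUGGY.replace('"proxy.abc.net"\n', '"proxy.abc.net",\n')

# Tokens that can sit between two literals without separating them.
SKIP = {tokenize.NL, tokenize.NEWLINE, tokenize.COMMENT,
        tokenize.INDENT, tokenize.DEDENT}


def implicit_concats(source):
    """Return (line, merged_value) for adjacent string literals inside brackets."""
    findings, depth, prev = [], 0, None
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type in SKIP:
            continue
        if tok.type == tokenize.OP and tok.string in ("(", "[", "{"):
            depth += 1
        elif tok.type == tokenize.OP and tok.string in (")", "]", "}"):
            depth -= 1
        if (depth > 0 and prev is not None
                and prev.type == tok.type == tokenize.STRING):
            try:  # evaluate the pair the way the compiler joins it
                merged = ast.literal_eval(prev.string + " " + tok.string)
            except (ValueError, SyntaxError):  # e.g. f-strings on older Pythons
                merged = prev.string + tok.string
            findings.append((tok.start[0], merged))
        prev = tok
    return findings


def argv_of(source):
    """Evaluate the list literal assigned on the first statement of source."""
    return ast.literal_eval(ast.parse(source).body[0].value)


if __name__ == "__main__":
    for line, merged in implicit_concats(BUGGY):
        print(f"line {line}: adjacent literals merge into {merged!r}")
    print(argv_of(BUGGY))
```

In the buggy list the `--csr` flag no longer exists as its own element, so the CSR path that follows it reaches certbot as a stray positional argument, which matches the "unrecognized arguments" error in the first post.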
