Generating SSL Single cert for multiple sub-domain

devilx · July 28, 2020, 6:48pm

I have a domain, I want to obtain single ssl cert for Two of my subdomain.

cr.example.com sa.example.com so i want to have single cert for these two subdomain, what command should i need to use.

i tried few cmd but all show error with cmd.

certbot version - certbot 0.31.0

Osiris · July 28, 2020, 7:16pm

That partly depends on the situation. You can use certbot options to do that, but with some plugins, you might be able to just run the command certbot and use the questions interactively asked by certbot.

Unfortunately, for some reason you didn’t get or you’ve deleted the questionnaire which was presented to you when you started this thread in the Help section. Please answer all questions to the best of your knowledge:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

rg305 · July 28, 2020, 11:01pm

Your statement raises more questions than it answers:

What commands have you run (please show in full)?
Were any of those commands successful (in any way at all)?
What were the errors shown?

And as @Osiris pointed out, we need to better understand your particular situation before providing relevant advice; So, more (information) is better.

devilx · July 29, 2020, 8:02am

My domain is: blob.cat
I ran this command: sudo certbot certonly --email <your@emailaddress> -d <yourdomain> -d <yourdomain> -d --standalone

It produced this output: it showed me Help section

My web server is (include version): nginx-1.18.0

The operating system my web server runs on is (include version): Debian

My hosting provider, if applicable, is: cant disclose

I can login to a root shell on my machine (yes or no, or I don’t know): yes i can login to shell with root

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I want single ssl for sa.blob.cat and ca.blob.cat

JuergenAuer · July 29, 2020, 8:10am

Hi @devilx

that -d is wrong, without a valid domain name. Remove it.

devilx · July 29, 2020, 8:24am

sudo certbot certonly --email <your@emailaddress> -d <yourdomain> <yourdomain> --standalone

So this the right command to generate single cert for two subdomain?

JuergenAuer · July 29, 2020, 8:26am

Please start there:

devilx · July 29, 2020, 8:33am

I didnt find anything related to my use case

i did replace yourdomain with with my subdomain i didnt made changes here.

Osiris · July 29, 2020, 8:47am

Please give us the total command you’ve used without substitutions.

devilx · July 29, 2020, 9:24am

sudo certbot certonly --email myemail@emai.com -d sa.blob.cat -d ca.blob.cat -d --standalone

JuergenAuer · July 29, 2020, 9:42am

Second time: Why do you think that should work? --standalone isn't a domain name.

devilx · July 29, 2020, 9:46am

No he asekd me that what cmd i used?

although i havent find any command in doc that will help me generate single cert for two subdomain.

can you please send cmd that can work with this?

For simgle sub domain i use this

sudo certbot certonly --email myemail@emai.com -d sa.blob.cat --standalone

and it works fine

Osiris · July 29, 2020, 11:22am

I assumed you already corrected the error which was pointed out to you earlier.

No, you need to understand what you're doing incorrectly. Please read @JuergenAuer s first post, it contains your answer. Also please count the amount of -d options you've used between your single and multiple subdomain commands. If you don't know what the -d option does, please read about it in the documentation linked earlier by @JuergenAuer.

devilx · July 29, 2020, 11:45am

ohh now i see my error, i added -d which means it needed an extra valid domain. so the correct cmd will be

sudo certbot certonly --email <your@emailaddress> -d <yourdomain> -d <yourdomain> --standalone

This

Osiris · July 29, 2020, 2:47pm

Yes.

devilx · July 29, 2020, 6:38pm

@JuergenAuer @Osiris

I owe You guys an apology, Sorry for being ignorant and not listen to you specially @JuergenAuer

Sorry

Osiris · July 29, 2020, 7:01pm

No problem @devilx

I am however curious why you’re using --certonly? Because you said earlier you’re using nginx. Is there a reason why you’re not using the nginx plugin? Perhaps because you want to install your certificate manually into the nginx configuration? Even if that’s the case and you don’t want to automatically install the certificate and keep certbot away from your nginx configuration, you might want to look at the webroot plugin. Because with --standalone you’ll need to stop nginx every time you have to renew your certificate (which can be done automatically with specific hooks). With the webroot plugin, you can just let nginx run.

devilx · July 29, 2020, 7:24pm

I Like to have more manual control over things that is why im using --certonly . I tried webroot before but it fail to verify. i even tried to debug it and everything was fine but it didnt worked and i didnt put much effort into it to make it work.

Osiris · July 29, 2020, 7:44pm

The webroot plugin should be really simple: just use the same path as your root option in the nginx configuration for that virtualhost as -w option for certbot.

system · August 28, 2020, 7:44pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.