Help me understand renewal config

When I request a new certificate I use -d www.test.com -d test.com
I would like to get these values again when I renew via some automation I am creating. However, I have noticed that the .conf in the renewal folder for the particular domain does not hold both values. It simply holds

domains=www.test.com,

Why is this? And, if I don’t include both names in the renewal isn’t the certificate going to be wrong?

I’ve found my /etc/letsencrypt/renewal/*.conf still contain details of the staging certificates I created rather than the details of the live certificates I replaced them with, so basically my renewal confs are all wrong. I did find a relevant GitHub issue raised for it but I can’t find it now.

Until the renewer is ready my renewal script gets the domains from the live certificates in a bash script like so:

# given a certificate file returns "domain1,domain2"
function getDomains() {
        # -noout: print only the decoded text, not the PEM block
        openssl x509 -noout -text -in "$1" |
        grep -A1 "Subject Alternative Name:" | tail -n1 |
        tr -d ' ' | sed 's/DNS://g'
        # note: tr -d 'DNS:' would delete every D, N, S and ':' character,
        # not the string "DNS:", so sed is used for the label
}

domains=$(getDomains "$path_to_cert")

then I use the --domains=$domains switch rather than separate -d switches.

2 Likes
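As an added example, not code from the post above or from certbot itself, here is a POSIX sh version of the same idea that reads the SAN extension directly with openssl x509 -ext subjectAltName (OpenSSL 1.1.1 or newer is assumed on PATH), keeps only DNS: entries so IP Address: or email: entries cannot leak into the domain list, and strips the DNS: label as a string rather than as a character set. So that it runs offline it builds a constructed throwaway self-signed certificate with three SAN names; the .test hostnames, the temp paths and the function names are all assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes openssl >= 1.1.1 on PATH.
set -eu

# Given a certificate file, print "domain1,domain2,..." built from the SAN DNS entries.
# Pipeline: drop the "X509v3 Subject Alternative Name:" header line, join any
# continuation lines and remove spaces, split on commas so each SAN entry is on
# its own line, keep only DNS: entries, strip the label, and rejoin with commas.
getDomains() {
    openssl x509 -noout -ext subjectAltName -in "$1" |
        tail -n +2 |
        tr -d ' \n' |
        tr ',' '\n' |
        grep '^DNS:' |
        sed 's/^DNS://' |
        paste -s -d ',' -
}

# Constructed test fixture: a throwaway self-signed cert with three SAN names.
# (assumed hostnames under the reserved .test TLD; nothing is contacted)
make_test_cert() {
    dir="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj "/CN=www.example.test" \
        -addext "subjectAltName=DNS:www.example.test,DNS:example.test,DNS:dns.example.test" \
        >/dev/null 2>&1
    printf '%s\n' "$dir/cert.pem"
}

TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
CERT=$(make_test_cert "$TMP")
DOMAINS=$(getDomains "$CERT")
printf 'domains=%s\n' "$DOMAINS"
# The value is then handed to certbot as one switch, e.g.
#   certbot certonly --domains="$DOMAINS" ...
```

Reading the extension with -ext instead of grepping the full -text dump means the match cannot accidentally land on another line that mentions "Subject Alternative Name", and the grep '^DNS:' step is what keeps a certificate that also carries an IP or email SAN from producing a malformed --domains value.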