The workflow still seems a bit strange.
- have a cert for
- create a cert for domainB domainA (
- renew cert for domainA automatically (because it expires and the renew file is there)
- cert for domainB domainA is about to expire, now it’s time to merge
certbot -t -n certonly -d domainA -d domainB
live/domainB cert is renewed (?)
- run certbot without -t -n and get asked if it should be renewed hitting the 5 certs / 7 days limit (okay), but with the config domainB.conf (old cert which contains
- accept. The new certificate is stored in live/domainB again instead of
domainB.conf renewal file and editing all paths in it seems to help. But there is no main domain defined, so is the main domain chosen from the old cert or from the filename of the config file?
For automation I would like to have some command which exactly creates a certificate with CN of the first -d argument and the alt-names in the order of the next domains (not that important).
But especially with a predictable filename. This means if a certificate is created, it should be in live/firstDomainname/cert.crt, no matter which certificate was extended/renewed with the command.