How to create a SAN cert?


#1

Hi guys managed to successfully create an SSL with Lets Encrypt yesterday but only problem is it only works for the www. version of our site, not the non www. We have a re-direct from the non www. to the www. version and since joining Google Project Shield proxy for our news site the non www. version of the site is bringing up errors. This is because we need a SAN cert to include both domains to get the bare domain feature in the proxy provider working and allow the re-direct, I think. I’m new to Lets Encrypt and am aware this is probably straightforward but anyone how do I get the SSL into the correct SAN cert that we need for both the www. version of our site and the non www. version? I simply used command prompt to generate yesterday’s cert and installed manually on our host provider. Thanks in advance.


#2

Hi, what software did you use and what command did you run?

Creating SAN certs is indeed straightforward with all Let’s Encrypt clients, but the details depend on which client you used. (For example, with Certbot you should add an additional -d item for each domain that needs to be covered by the cert.)


#3

Thanks for the quick response Schoen. I used the following commands in command prompt on windows locally on my desktop, then uploaded the files and key generated manually to my host provider. I used:

  1. pip3 install manuale 2. manuale register yourname@gmail.com 3. manuale authorize example.com ■ Add the shown DNS record to your domain 4. manuale issue example.com --output certs

I did the above but added in www. before our domain. I was going to try and simply add ‘and domain.com’ next to the www. above but not sure what to do.


#4

According to the documentation of manuale, you could get a SAN certificate by calling the authorize function multiple times and after that use one issue function for all the domains in question. For example:

manuale authorize example.com
manuale authorize www.example.com
manuale issue example.com www.example.com --output certs

:slight_smile:


#5

Thank you sir :slight_smile: Will try this in the morning and come back on here to let you know how it goes.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.