The process lacks automation, but if I understand how you wish to do the steps, then maybe a browser-based version will work better.
Try ZeroSSL.com, for example.
You create the account key and the csr in the first step.
Then it lists the files, and contents, needed to verify the domains.
It sits and waits until you click next, then the verification of all the domains is done.
Once ALL domains pass it displays the cert for you to save.
If ANY domain fails verification, it will fail, and allow you to retry (I think), until you get it right or give up.
Whether you do well-known file all at once, then verification all at once, or do well-known and verification in order per domain shouldn’t matter. If the first one fails verification, there is no point in verifying any more, since the cert lists all sites and must verify all of them before it can “certify” and sign the cert. You can’t have a cert listing 5 sites, and only pass verification on 4 of them. Otherwise I could list one of your sites on my cert, and get it signed!
After reading the ACME documentation, especially Section 7.2, I don’t know about this part, but you might want to verify that idea. As I understand it LE issues a random token as part of the challenge, and that token becomes the well-known filename to provision on the server. If that’s correct then certbot couldn’t always get the same well-known files. Additionally, it’s not the client (certbot, GetSSL, or any other) that determines what the well-known file will be, it is the certificate server’s challenge to the client to create that file.
Lastly, I don’t think I understand what process you’re trying to create:
[quote=“porunov, post:5, topic:23278”]
if you even were able to download web-known files, distribute it to different hosts then you can’t verify them as they aren’t be verified by letsencrypt
[/quote]
Each host has to have its own, unique, challenge, and therefore, well-known file. Distributing one successful well-known file to different hosts still will not verify them, since it’s the response to a different host’s challenge.
Somehow I think one of us has a misconception or two of how the process works, and what happens that we don’t see. I’m ready to admit that it could well be me, as I am very new to LE, and even to SSL and encryption itself.
I also concede that I probably haven’t said what I meant in the correct way, but I hope it is at least understandable, and I mean no offense, and apologize if any was given.
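
The point discussed in the post above (the CA's token names the well-known file, so one host's file does not answer another host's challenge), as an added example that is not part of the forum post or of any ACME client. It follows the HTTP-01 key authorization from RFC 8555 and the JWK thumbprint from RFC 7638; the function names, the account key and both tokens are constructed for illustration, and the 22-character minimum is an assumed stand-in for the 128-bit entropy requirement.

```python
import base64, hashlib, json, re

# RFC 8555 tokens use only the base64url alphabet; 22 chars ~ 128 bits.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{22,}")
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk):
    """RFC 7638: SHA-256 over the required members, sorted, no whitespace."""
    members = {k: jwk[k] for k in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def http01_file(token, account_jwk):
    """Return (URL path, file body) the CA expects for one challenge."""
    if not TOKEN_RE.fullmatch(token):
        # Also keeps "../" and "/" out of the filename written to disk.
        raise ValueError("token is not a base64url string of sufficient length")
    path = "/.well-known/acme-challenge/" + token
    return path, token + "." + jwk_thumbprint(account_jwk)

def would_validate(served, token, account_jwk):
    """served: dict of path -> body, standing in for one host's web root."""
    path, body = http01_file(token, account_jwk)
    return served.get(path) == body

# Constructed sample data (not real keys or tokens).
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "constructed-x-value", "y": "constructed-y-value"}
TOKEN_A = "tokenForHostA_constructed0001"  # challenge issued for host A
TOKEN_B = "tokenForHostB_constructed0002"  # challenge issued for host B

def demo():
    path_a, body_a = http01_file(TOKEN_A, ACCOUNT_JWK)
    host_a = {path_a: body_a}
    host_b = dict(host_a)  # host A's file copied unchanged to host B
    return (would_validate(host_a, TOKEN_A, ACCOUNT_JWK),
            would_validate(host_b, TOKEN_B, ACCOUNT_JWK))

if __name__ == "__main__":
    print(demo())  # (True, False)
```
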