My domains are
I ran this command: I am trying to figure out the details of the command
It produced this output: n/a
My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu 18.04 LTS
I can login to a root shell on my machine: yes:
I’m using a control panel to manage my site (no):
Details of the project are at https://garyjohnson53.wordpress.com/2019/05/23/letsencrypt-multi-domain-san/
How to handle www.domains and plain domains?
I use the dig ‘domain name’ + short // a linux command + short to show the A record
dig www.pbacloudb2019-doctortest.com +short
dig pbacloudb2019-doctortest.com +short
If www.pbacloudb2019-doctortest.com points to both the ip and the non www version
can I just request certificates for the www version and will DNS and other magic show its protected by sll if the user does
the rules are simple:
- create two dns A records non-www and www
That’s already done ( https://check-your-website.server-daten.de/?q=pbacloudb2019-doctortest.com ):
- Create a port 80 vHost with ServerName / ServerAlias (Apache) with both domain names, so both port 80 connections should work
- create one certificate with both domain names non-www and www
- create a redirect in the port 80 vHost http -> https without changing the domain name (http status 301)
- select one version as the preferred version and create a redirect https + not-preferred version -> https + preferred version.
I work on a site that uses Name Based Virtual Hosting.
I am planning for 535 sets of URLs like the above combination of www and non www.
The Maximum sites per cert is 100 (less is better).
If I need to do certificates with both domain names non-www and www
Can I do this
Create 14 certificates and (maximum 87 URLs per cert gets me to 600 domains)
The Number of URLs has to be Less than Maximum - urls_per_cert (100 max , can be as low as 25)
Is there a maximum Number of Certs per_ip address?
Do you know of any SNI constraints and requirements?
You can. But it’s possible that you create one certificate per main domain (with
www.example.com). So if you remove a domain name, the domain name isn’t used in another certificate.
I don’t know, but I don’t think.
There are a few things I think I can do to make my life easier. One thing going for these sites is that they are not ecommerce, they are pretty much informational and changes are infrequent.
I think I can use
When performing domain validation, do not consider it a failure if authorizations cannot be obtained for a strict subset of the requested domains. This option cannot be used with --csr.
Thank you for taking the time to answer my questions. I have certificates for my first site.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: pbacloudb2019.com
Domains: pbacloudb2019.com pbacloudb2019-doctortest.com www.pbacloudb2019-doctortest.com www.pbacloudb2019.com
Expiry Date: 2019-08-21 19:24:22+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/pbacloudb2019.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/pbacloudb2019.com/privkey.pem
I will be writing renewal and other scripts to handle these certificate tasks. I will be tracking sites that are dropped and added.
Can I renew a certificate with a different list of names? (I thought that was possible, but thats why I am asking these questions)
The question I should have asked, is what would someone with your knowledge do?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.