How to handle and plain domains?

My domains are

I ran this command: I am trying to figure out the details of the command

It produced this output: n/a

My web server is (include version):
Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 18.04 LTS

I can login to a root shell on my machine: yes:

I’m using a control panel to manage my site (no):

Details of the project are at

Question 1
How to handle and plain domains?

I use the dig ‘domain name’ + short // a linux command + short to show the A record

dig +short

dig +short

If points to both the ip and the non www version

can I just request certificates for the www version and will DNS and other magic show its protected by sll if the user does



Or this


Hi @gmgj

the rules are simple:

  • create two dns A records non-www and www

That’s already done ( ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout A yes 2 0
AAAA yes C yes 1 0
A yes
  • Create a port 80 vHost with ServerName / ServerAlias (Apache) with both domain names, so both port 80 connections should work

That’s done:

Domainname Http-Status redirect Sec. G 200 0.387 H 200 0.373 H
  • create one certificate with both domain names non-www and www
  • create a redirect in the port 80 vHost http -> https without changing the domain name (http status 301)
  • select one version as the preferred version and create a redirect https + not-preferred version -> https + preferred version.

Thank you!
I work on a site that uses Name Based Virtual Hosting.

I am planning for 535 sets of URLs like the above combination of www and non www.
The Maximum sites per cert is 100 (less is better).

If I need to do certificates with both domain names non-www and www

Can I do this
Create 14 certificates and (maximum 87 URLs per cert gets me to 600 domains)

The Number of URLs has to be Less than Maximum - urls_per_cert (100 max , can be as low as 25)

Is there a maximum Number of Certs per_ip address?

Do you know of any SNI constraints and requirements?

You can. But it’s possible that you create one certificate per main domain (with and So if you remove a domain name, the domain name isn’t used in another certificate.

I don’t know, but I don’t think.

1 Like

There are a few things I think I can do to make my life easier. One thing going for these sites is that they are not ecommerce, they are pretty much informational and changes are infrequent.

I think I can use

When performing domain validation, do not consider it a failure if authorizations cannot be obtained for a strict subset of the requested domains. This option cannot be used with --csr.

Thank you for taking the time to answer my questions. I have certificates for my first site.

certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name:
Expiry Date: 2019-08-21 19:24:22+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

I will be writing renewal and other scripts to handle these certificate tasks. I will be tracking sites that are dropped and added.

Can I renew a certificate with a different list of names? (I thought that was possible, but thats why I am asking these questions)


The question I should have asked, is what would someone with your knowledge do?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.