How to handle www.domains and plain domains?

My domains are


I ran this command: I am trying to figure out the details of the command

It produced this output: n/a

My web server is (include version):
Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 18.04 LTS

I can login to a root shell on my machine: yes:

I’m using a control panel to manage my site (no):

Details of the project are at https://garyjohnson53.wordpress.com/2019/05/23/letsencrypt-multi-domain-san/

Question 1
How to handle www.domains and plain domains?

I use dig ‘domain name’ +short // a Linux command; +short shows the A record

dig www.pbacloudb2019-doctortest.com +short

pbacloudb2019-doctortest.com.

162.209.11.83

dig pbacloudb2019-doctortest.com +short

162.209.11.83

If www.pbacloudb2019-doctortest.com points to both the ip and the non www version

can I just request certificates for the www version, and will DNS and other magic show it’s protected by SSL if the user does

this

http://www.pbacloudb2019-doctortest.

Or this

http://.pbacloudb2019-doctortest

Hi @gmgj

the rules are simple:

  • create two dns A records non-www and www

That’s already done ( https://check-your-website.server-daten.de/?q=pbacloudb2019-doctortest.com ):

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| pbacloudb2019-doctortest.com | A | 162.209.11.83 | yes | 2 | 0 |
| | AAAA | | yes | | |
| www.pbacloudb2019-doctortest.com | C | pbacloudb2019-doctortest.com | yes | 1 | 0 |
| | A | 162.209.11.83 | yes | | |

  • Create a port 80 vHost with ServerName / ServerAlias (Apache) with both domain names, so both port 80 connections should work

That’s done:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://pbacloudb2019-doctortest.com/ 162.209.11.83 | 200 | | 0.387 | H |
| http://www.pbacloudb2019-doctortest.com/ 162.209.11.83 | 200 | | 0.373 | H |

  • create one certificate with both domain names non-www and www
  • create a redirect in the port 80 vHost http -> https without changing the domain name (http status 301)
  • select one version as the preferred version and create a redirect https + not-preferred version -> https + preferred version.
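
The steps listed above, written out as an Apache 2.4 configuration (an added example, not part of the original replies). It assumes the non-www name is the preferred one and uses a placeholder DocumentRoot; the certificate paths are the ones shown in the certbot output further down the thread.

```apache
# Added example. Needs mod_ssl, mod_rewrite and mod_alias enabled.
# Assumptions: non-www is the preferred name; DocumentRoot is a placeholder.

# Port 80: both names answer here. Redirect http -> https on the SAME
# host name with status 301.
<VirtualHost *:80>
    ServerName pbacloudb2019-doctortest.com
    ServerAlias www.pbacloudb2019-doctortest.com

    RewriteEngine On
    # The redirect targets are written out in full, so a forged Host
    # header is never echoed back in the Location header.
    RewriteCond %{HTTP_HOST} ^www\. [NC]
    RewriteRule ^ https://www.pbacloudb2019-doctortest.com%{REQUEST_URI} [R=301,L]
    RewriteRule ^ https://pbacloudb2019-doctortest.com%{REQUEST_URI} [R=301,L]
</VirtualHost>

# Port 443, non-preferred name: https + www -> https + non-www (301).
# The certificate must contain this name too, otherwise the browser
# shows a certificate error before it ever sees the redirect.
<VirtualHost *:443>
    ServerName www.pbacloudb2019-doctortest.com

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/pbacloudb2019.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/pbacloudb2019.com/privkey.pem

    Redirect permanent / https://pbacloudb2019-doctortest.com/
</VirtualHost>

# Port 443, preferred name: this vHost serves the site.
<VirtualHost *:443>
    ServerName pbacloudb2019-doctortest.com
    DocumentRoot /var/www/pbacloudb2019-doctortest.com

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/pbacloudb2019.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/pbacloudb2019.com/privkey.pem
</VirtualHost>
```

After a reload, `apachectl -S` lists which vHost answers for each name and port.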

Thank you!
I work on a site that uses Name Based Virtual Hosting.

I am planning for 535 sets of URLs like the above combination of www and non www.
The Maximum sites per cert is 100 (less is better).

If I need to do certificates with both domain names non-www and www

Can I do this
Create 14 certificates and (maximum 87 URLs per cert gets me to 600 domains)

The Number of URLs has to be Less than Maximum - urls_per_cert (100 max , can be as low as 25)

Is there a maximum number of certs per IP address?

Do you know of any SNI constraints and requirements?

You can. But it’s possible that you create one certificate per main domain (with example.com and www.example.com). So if you remove a domain name, the domain name isn’t used in another certificate.

I don’t know, but I don’t think.


There are a few things I think I can do to make my life easier. One thing going for these sites is that they are not ecommerce, they are pretty much informational and changes are infrequent.

I think I can use
--allow-subset-of-names

When performing domain validation, do not consider it a failure if authorizations cannot be obtained for a strict subset of the requested domains. This option cannot be used with --csr.

Thank you for taking the time to answer my questions. I have certificates for my first site.

certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: pbacloudb2019.com
Domains: pbacloudb2019.com pbacloudb2019-doctortest.com www.pbacloudb2019-doctortest.com www.pbacloudb2019.com
Expiry Date: 2019-08-21 19:24:22+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/pbacloudb2019.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/pbacloudb2019.com/privkey.pem

I will be writing renewal and other scripts to handle these certificate tasks. I will be tracking sites that are dropped and added.

Can I renew a certificate with a different list of names? (I thought that was possible, but that’s why I am asking these questions)

--renew-with-new-domains
--expand

The question I should have asked, is what would someone with your knowledge do?
