How to make certificates for Multiple servers on multiple ports

My web server is (include version): 1 Express.JS/Node and 2 Flask instances

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

I do not actually have a domain name yet as I am just starting this project and am planning ahead (because I want to know if I should approach my development strategy differently if it won't be possible to make certs for my current setup).

My question amounts to: Is it possible to have a certificate that covers multiple domains/subdomains for multiple different server instances? For example, I have one server running on port 443 (Node/Express). I also have two other Flask servers running on two other ports (currently 8080 and 8000). Is there any other way to cover these other two servers in either a different certificate or the same certificate as the 443 cert?

Thanks, and I apologize for not including a domain; I just haven't purchased one yet.

1 Like

A reverse proxy is the usual approach in this situation, I think.

So you'd have a reverse proxy server (nginx or Apache or something like that) running on port 80 (HTTP) and 443 (HTTPS).

The reverse proxy would forward traffic, based on the domain name being requested, to your Express and Flask servers, which would run on alternate ports (8080, 8000, etc).

In this case you'd set up some subdomains like node.example.com, flask-1.example.com, flask-2.example.com and then, on the reverse proxy, configure each hostname to forward traffic to the correct application server. This will allow all the applications to share port 80+443 from the perspective of the visitor, so visitors can just type in https://node.example.com and https://flask-1.example.com etc. and see the right application.

This also dramatically simplifies certificate management and renewal, because you only have to configure SSL certificates on the reverse proxy and your applications can avoid that complication. You could use 3 different SSL certificates or 1 certificate which covers all 3 subdomains; that's up to you.

7 Likes
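A sketch of the reverse-proxy layout described in the answer above, as an added example that is not part of the original thread. It assumes nginx as the proxy, the placeholder hostnames from the answer, Express moved off 443 to a hypothetical loopback port 3000, and a single certbot-issued certificate whose lineage directory is named `node.example.com`.

```nginx
# Added example, not from the thread. Goes inside the http {} context,
# e.g. /etc/nginx/conf.d/apps.conf (file name is an assumption).

# Assumption: one certificate covering all three names, issued with e.g.
#   certbot certonly --nginx -d node.example.com -d flask-1.example.com -d flask-2.example.com
# certbot stores it under /etc/letsencrypt/live/<first name>/ by default.
ssl_certificate     /etc/letsencrypt/live/node.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/node.example.com/privkey.pem;

# Tell the applications which host and scheme the visitor actually used.
# Declared once here; inherited by every location below.
proxy_set_header Host              $host;
proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Port 80: redirect everything to HTTPS.
server {
    listen 80;
    server_name node.example.com flask-1.example.com flask-2.example.com;
    return 301 https://$host$request_uri;
}

# Port 443: TLS terminates at the proxy; the requested hostname selects the backend.
# The applications speak plain HTTP and should bind to 127.0.0.1 only, so they
# cannot be reached directly on their own ports from outside.
server {
    listen 443 ssl;
    server_name node.example.com;
    location / { proxy_pass http://127.0.0.1:3000; }   # Express (port 3000 is an assumption)
}

server {
    listen 443 ssl;
    server_name flask-1.example.com;
    location / { proxy_pass http://127.0.0.1:8080; }   # first Flask app (port from the thread)
}

server {
    listen 443 ssl;
    server_name flask-2.example.com;
    location / { proxy_pass http://127.0.0.1:8000; }   # second Flask app (port from the thread)
}
```

With three separate certificates instead of one, the two `ssl_certificate` lines would move into each port-443 `server` block, each pointing at its own lineage directory.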

Thanks! That seems like a very viable solution. I will try that next!

2 Likes
