I have to issue 2 certificate for hj.com & www.hj.com?


#1

Hi I am developing with php & nginx.

question is simple.

I have to issue 2 certificate for same domain with www or not?
ex) hj.com & www.hj.com

how can i just use 1 certificate using www.hj.com & hj.com?

my configuration code is below

server {
listen 443;
server_name hj.com www.hj.com;
proxy_buffering off;

ssl on;
ssl_certificate /usr/local/lescript/hj.com/cert.pem;
ssl_certificate_key /usr/local/lescript/hj.com/private.pem;

limit_conn ddos_conn 10;
limit_req zone=ddos_req burst=250 nodelay;

proxy_http_version 1.1;
error_page 497 http://$http_host$request_uri;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

location ~ {
    set $ip 88.88.88.88;
    proxy_pass https://$ip:443;
}

}

thx.


#2

A Let’s Encrypt certificate can have up to 100 different (sub)domains in the Subject Alt Names-field.


#3

?? I’am so sorry I can not understand your answer.
you say because let’s encrypt have up to different subdomains, I can issue more certificate?
I just want to use ssl with one certificate.


#4

You can have one certificate with many (up to 100) (sub)domains in it.


#5

I don’t know how to add subdomains in one certificate.
I am using php & lescript client.
When I trying to issue certificate at subdomain, i have to add one more certificate.
can you teach me?
thx.


#6

I don’t use lescript, but looking on their help pages you simply define the domains / subdomains you want in a certificate in an array.

$le->signDomains(array('test.com', 'www.test.com'));

#7

That is not making a ‘one’ certificate. That is making 2 certificates for each domain.


#8

Why do you say it is not making “one” certificate ?

It very clearly makes exactly one new certificate, containing all the names you asked for, whether that’s one name, or two names, or sixteen names.

Of course any old certificate you have is not magically updated to have extra names in it. They’re certificates - signed documents, you cannot update them. The new certificate has all the names you asked for in it, you can dispose of old ones with the wrong names or not enough names if you please, and use only one new certificate with exactly the right names in it.


#9

so thank for your answer.
I tried one.hj.com & two.hj.com & three.hj.com -> i can make one cert for three subdomain.
This is useful.
thanks.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.