Is there a limit on subdomains?

My domain is:
www.isimplistic.com

I ran this command:
sudo certbot --nginx -d deals.isimplistic.com

It produced this output:
I got success but a number of new subdomains that I have set up don’t appear to be getting added to the cert. I feel like I am capped or limited somehow… In truth, the initial certbot --nginx commands are straightforward; I am certain that I don’t fully understand how to augment my certs properly. Thank you for any help you can offer and what a great product/service you have.

-Jeromy

My web server is (include version): nginx 1.14

The operating system my web server runs on is (include version): ubuntu 18

My hosting provider, if applicable, is: AWS/EC2

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

There's an --expand option for that: User Guide — Certbot 1.21.0 documentation

But a good place to start would be to list all of your certificates:

 certbot certificates

and tell us what changes you want to make to that list.

1 Like

I think I get it, there are multiple cert files being created and I thought it was all being handled from one.

/etc/letsencrypt/live/deals.isimplistic.com/fullchain.pem

Expiry Date: 2019-11-04 17:40:17+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/farmfreshmarket.us/fullchain.pem
Private Key Path: /etc/letsencrypt/live/farmfreshmarket.us/privkey.pem

Thanks, I was looking for a way to list certificates, I didn’t find it initially and I had other priorities. Thanks so much

Great. In general, the key to not creating duplicates is to use --cert-name, e.g.:

certbot --nginx --cert-name farmfreshmarket.us \
-d first-domain -d second-domain -d ...

You guys have thought this all through very well, extremely useful, I will be creating a script to discombobulate my life in the future.

Thanks again

1 Like

Hmm I think it's still not working .. https://deals.isimplistic.com/

Do I have to wait a while? I've tried the following command and updated my nginx.conf

sudo certbot --nginx --cert-name deals.isimplistic.com -d deals.isimplistic.com

ssl_certificate /etc/letsencrypt/live/deals.isimplistic.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/deals.isimplistic.com/privkey.pem; # managed by Certbot 
include /etc/letsencrypt/options-ssl-nginx.conf; 
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 

The strange thing is almost all of my other subdomains work. Just a couple new ones that don't work.

Ideas?

What is the specific problem you're experiencing?

I can see your certificate - website works just fine.

Have you tried closing the browser tab and opening a new one? Sometimes they're dumb and retain SSL errors even after the problem that caused the error is fixed.

2 Likes

It must be Chrome then, for me it says it is an insecure site.

Thanks for responding again.

Oh yeah new tab fixed it, thanks

1 Like

Hi @jeromystewart

If you use the -d option, one certificate with this list of domain names is created.

You use one -d option, so your certificate has one domain name.

Checking your main domain ( https://check-your-website.server-daten.de/?q=isimplistic.com#ct-logs ):

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-08-09 | 2019-11-07 | deals.isimplistic.com - 1 entries | duplicate nr. 2 | |
| Let's Encrypt Authority X3 | 2019-08-08 | 2019-11-06 | deals.isimplistic.com - 1 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-08-06 | 2019-11-04 | list.isimplistic.com - 1 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-08-06 | 2019-11-04 | 02.isimplistic.com, api.isimplistic.com, asset.isimplistic.com, demo.isimplistic.com, farmfreshmarket.us, ir.isimplistic.com, isimplistic.com, list.isimplistic.com, media.farmfreshmarket.us, media.isimplistic.com, prj01.isimplistic.com, raidfinder.us, rest.isimplistic.com, service.isimplistic.com, static.isimplistic.com, test.isimplistic.com, thefarm.farmfreshmarket.us, www.farmfreshmarket.us, www.isimplistic.com, www.raidfinder.us - 20 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-08-03 | 2019-11-01 | 02.isimplistic.com, api.isimplistic.com, asset.isimplistic.com, demo.isimplistic.com, farmfreshmarket.us, ir.isimplistic.com, isimplistic.com, media.farmfreshmarket.us, media.isimplistic.com, prj01.isimplistic.com, raidfinder.us, rest.isimplistic.com, service.isimplistic.com, static.isimplistic.com, test.isimplistic.com, thefarm.farmfreshmarket.us, www.farmfreshmarket.us, www.isimplistic.com, www.raidfinder.us - 19 entries | | |
| Let's Encrypt Authority X3 | 2019-08-01 | 2019-10-30 | api.isimplistic.com, asset.isimplistic.com, demo.isimplistic.com, farmfreshmarket.us, ir.isimplistic.com, isimplistic.com, media.farmfreshmarket.us, media.isimplistic.com, prj01.isimplistic.com, raidfinder.us, rest.isimplistic.com, service.isimplistic.com, static.isimplistic.com, test.isimplistic.com, thefarm.farmfreshmarket.us, www.farmfreshmarket.us, www.isimplistic.com, www.raidfinder.us - 18 entries | | |

Copied only the newest results.

If you have a lot of subdomains, you have two options:

  • Creating one certificate with all subdomains. You can add max. 100 domain names in one certificate. So 20 << 100, you can add a lot of new subdomains. But then you always need (if you use the -d option) a list of all subdomains. That's complicated.
  • Creating one certificate per subdomain. You can create max. 50 new certificates per domain per week. Then you need one vHost per subdomain.

Checking your list - there are new subdomains, but not 50 in one week. Currently, 20 subdomains.

So creating one certificate per subdomain should work without hitting a limit.

Both versions (one certificate with all subdomains or one certificate per subdomain) are possible.

1 Like
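An added example, not code from the thread or from Certbot: the --cert-name advice and the "one certificate with all subdomains" option both need the complete -d list every time, so this sketch derives it from the text `certbot certificates` prints. The function names are hypothetical and the sample listing is constructed from names mentioned in the thread; it assumes the listing carries the usual "Certificate Name:" and "Domains:" lines.

```shell
#!/bin/sh
# Added example (not from the thread): work out the full -d list from the
# text that `certbot certificates` prints, so no existing name is dropped.

# Constructed sample listing; names and paths echo the ones in the thread.
sample_listing() {
cat <<'EOF'
Found the following certs:
  Certificate Name: farmfreshmarket.us
    Domains: farmfreshmarket.us isimplistic.com www.isimplistic.com list.isimplistic.com
    Expiry Date: 2019-11-04 17:40:17+00:00 (VALID: 86 days)
    Certificate Path: /etc/letsencrypt/live/farmfreshmarket.us/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/farmfreshmarket.us/privkey.pem
  Certificate Name: list.isimplistic.com
    Domains: list.isimplistic.com
    Expiry Date: 2019-11-04 17:40:17+00:00 (VALID: 86 days)
    Certificate Path: /etc/letsencrypt/live/list.isimplistic.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/list.isimplistic.com/privkey.pem
EOF
}

# Print the names on lineage $1, one per line (listing on stdin).
names_in_cert() {
  awk -v want="$1" '
    $1 == "Certificate" && $2 == "Name:" { cur = $3 }
    $1 == "Domains:" && cur == want { for (i = 2; i <= NF; i++) print $i }'
}

# Print names that sit on more than one lineage (listing on stdin).
shared_names() {
  awk '$1 == "Domains:" { for (i = 2; i <= NF; i++) if (++n[$i] == 2) print $i }'
}

# expand_command NAME NEW...: print the certbot command that keeps every name
# already on lineage NAME and adds NEW...; refuse past the 100-name limit.
expand_command() {
  name=$1; shift
  old=$(names_in_cert "$name")
  [ -n "$old" ] || { echo "no certificate named $name" >&2; return 1; }
  printf '%s\n' "$old" "$@" | awk -v n="$name" '
    NF && !seen[$0]++ { list = list " -d " $0; count++ }
    END { if (count > 100) { print count " names: over the limit" > "/dev/stderr"; exit 1 }
          print "certbot --nginx --cert-name " n list }'
}

sample_listing | expand_command farmfreshmarket.us deals.isimplistic.com
```

On a real host, pipe `sudo certbot certificates` into the functions in place of `sample_listing` and review the printed command before running it.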

Thank you for your input. The major setback at this moment is every client/partner wants me to know, learn and master a dozen different technologies. I must add letsencrypt to that list … my real issue is time. Thanks so much for all of your help. I think I am slowly arriving at an approach that will allow me to manage all of the subdomains …

Thanks

1 Like
