I’m using domains from an alternate DNS root and Certbot breaks when I try to run it with those domains in the server files. Is there a way to list domains to be excluded each time I run Certbot?
Do you mean like .onion or .bit or .internal?
How does Certbot break?
If you know exactly which domains you want, you should be able to just do:
certbot --apache -d example.org -d www.example.org
and it won’t bother about any other domains.
Does the -d flag remove those domains? If so it will be easy to put them into a file.
I’m using OpenNIC domains.
-d specifies which domains you want to be included on a certificate.
Certbot shouldn’t be “breaking” when it encounters domains it can’t resolve. I’d like to see what the actual error/output is, so that we can differentiate between a validation error (i.e. CA thinks the DNS doesn’t resolve) or an actual error/bug (Certbot can’t parse webserver config).
The answer to your question relies on that.
It says there was an error because a name didn’t end it a public suffix. Specifying a list of domains with a file would also work.
Cool, that’s an expected CA error.
So using a bunch of
-d is probably your best option.
Edit: I suggested
--allow-subset-of-names but on second thought that probably won’t work, because the alternate root domains would be rejected at the new-order stage, not during validation. Sorry! Your use case is not that common I guess.
How are names being included?
How is that process including names you don’t want included?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.