Each goes to a different site/folder on the server alpha.test.com goes to /var/www/alpha.test.com/html beta.test.com goes to /var/www/beta.test.com/html
So does the following command look right:
sudo letsencrypt certonly -a webroot --expand --webroot-path=/var/www/alpha.test.ca/html -d alpha.test.ca --webroot-path=/var/www/beta.test.ca/html -d beta.test.ca
In my nginx/sites-enabled, I am forcing all non-https traffic to https with the following:
return 301 https://$server_name$request_uri;
Do I need to turn this off for this expansion - and for that matter - each time I need to renew the cert?
My initial tests are giving me invalid response warnings.
Can I force it to call https://alpha.test.com/.well-known… ?
Yep! That looks perfect. If you want it to be more concise, you can write --webroot-path as the short form -w.
No, the CA follows 301 redirects, including 301 redirects to an HTTPS URL, as part of the validation process. Lots of people even use them intentionally as part of their validation setup. If this is failing, there's some other reason, which you can perhaps diagnose or we can try to help figure out.