More Let's Encrypt certificates for Domains (ECDSA, Apache, mod_md)

An FYI for the adventurous amongst you: beta testing of mod_md with support for multiple certificates per domain has started. This allows you to obtain RSA + ECSDA certificates and Apache will negotiate with the client about the one to use (which is mostly done by the SSL library). You can build this against an Apache httpd 2.4.41.

Monitoring and OCSP Stapling of mod_md will pick up and handle these additional certificates also, of course.

Thanks, Stefan


After just reading the topic title: this is also possible without mod_md. It’s possible since a long time, really. Just use SSLCertificateFile and SSLCertificateKeyFile twice in your Apache HTTPS virtualhost: one set of both for the RSA cert, one set for the ECDSA cert.

But of course it’s great to see mod_md implementing this too! :+1:


I adapted the title to make the message more clear. mod_md can now obtain and renew several certificates for the same domain. The use case for this is to equip servers with RSA+ECDSA certificates from Let’s Encrypt.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.