Multi-domain cert with FreeBSD acme-client

I have acme-client installed on a FreeBSD 11 server running postfix acting as a mail relay. This server needs to receive mail for multiple domains, so I need a single cert that’s valid for hostnames across multiple domains. For example: mx02.domain1.com, mx02.domain2.com, mx02.domain3.com, etc. However, I’m having trouble doing that with acme-client. Here’s what I’ve tried so far:

Adding all hostnames at the same time:

acme-client -vNnse -C /usr/local/etc/acme/www/ -c /usr/local/etc/acme/ssl -k /usr/local/etc/acme/ssl/privkey.pem -f /usr/local/etc/acme/privkey.pem mx02.domain1.com mx02.domain2.com
acme-client: mx02.domain1.com mx02.domain2.com: bad domain syntax

One hostname at a time (attempting to add hostnames to an existing cert):

# the first hostname
acme-client -vNnse -C /usr/local/etc/acme/www/ -c /usr/local/etc/acme/ssl -k /usr/local/etc/acme/ssl/privkey.pem -f /usr/local/etc/acme/privkey.pem mx02.domain1.com 
# Successful

# on to the next hostname...
acme-client -vNnse -C /usr/local/etc/acme/www/ -c /usr/local/etc/acme/ssl -k /usr/local/etc/acme/ssl/privkey.pem -f /usr/local/etc/acme/privkey.pem mx02.domain2.com`
acme-client: /usr/local/etc/acme/privkey.pem: account key exists (not creating)
acme-client: /usr/local/etc/acme/ssl/privkey.pem: domain key exists (not creating)
acme-client: /usr/local/etc/acme/ssl/cert.pem: unknown SAN entry: mx02.domain2.com
acme-client: bad exit: revokeproc(92643): 1
# failure

Is this something that acme-client is capable of doing? The man page would suggest that it is:

     -e      Allow expanding the domains listed in the certificate.  This is a
             no-op if no certificate exists yet.  If a new domain is
             specified, the certificate will be renewed as if -F were also
             specified.

If so, what is the correct syntax?
Thanks in advance.

By the look of https://github.com/kristapsdz/acme-client/blob/master/main.c it seems like your two domain names are treated as a single parameter/argument (see around line 270). That might happen, for example, if the command was copied from Lync messenger (and ends up with nasty invisible characters) :)

Alternatively you can try https://www.freshports.org/security/p5-Crypt-LE/ and see if that works for you.
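As an added example (not code from the thread or from acme-client), a small POSIX sh pre-flight check that rejects any hostname argument containing bytes outside the plain ASCII hostname set, which is exactly what a pasted command carrying a stray backtick, a non-breaking space or a zero-width space would fail on, so the problem surfaces before acme-client reports "bad domain syntax". The function names check_domain_args and issue_cert are assumed; the acme-client flags and paths are the ones from the question.

```shell
#!/bin/sh
# Added example, not code from the thread or from acme-client.
# Work on raw bytes so every byte of a multi-byte UTF-8 character is
# checked individually, regardless of the caller's locale.
LC_ALL=C; export LC_ALL

# check_domain_args (assumed name): return 0 if every argument consists
# only of ASCII letters, digits, '.' and '-'; otherwise print a hex dump
# of the offending argument to stderr and return 1. A space, a stray
# backtick, a non-breaking space (c2 a0) or a zero-width space (e2 80 8b)
# all fail the test, and the dump shows which invisible bytes were pasted.
check_domain_args() {
    _bad=0
    for _d in "$@"; do
        case "$_d" in
            ''|*[!A-Za-z0-9.-]*)
                printf 'rejecting argument (hex dump follows):\n' >&2
                printf '%s' "$_d" | od -An -tx1 >&2
                _bad=1
                ;;
        esac
    done
    return $_bad
}

# issue_cert (assumed name): run the acme-client command from the question,
# one hostname per argument, only after every argument passes the check.
# Usage: issue_cert mx02.domain1.com mx02.domain2.com mx02.domain3.com
issue_cert() {
    check_domain_args "$@" || return 1
    acme-client -vNnse -C /usr/local/etc/acme/www/ -c /usr/local/etc/acme/ssl \
        -k /usr/local/etc/acme/ssl/privkey.pem \
        -f /usr/local/etc/acme/privkey.pem "$@"
}
```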
