Multi domain free certificate: authentication fails

DeevEedeez · February 2, 2021, 2:48pm

I had a free 3 month certificate with 4 separate domains, all running on the same server (Synology virtual servers), without a problem. All domain names would lead to a seperate website and all would have https automatically without a problem, using the same certificate, because all domains would point to the same public fixed IP address. The certificate was previously issued through the Synology interface.
It did not automatically renew for some reason, like it used to before, probably because the internet provider decided to change my fixed IPv4 address when introducing IPv6 a month ago. Maybe some temporary mismatch in the DNS entries of said 4 domains caused this.
The certificate expired on 14 jan 2021 and I have not been able to get a new free 3 month multi domain certificate since. I have been able to get a free 3 month SINGLE domain certificate through Synologies interface, so communication with Let's Encrypts server works and authentication for one domain works too.
Working with certbot is a bridge too fare as yet, for me . , it appears...

Why can I not enter multiple domains, like www.domain1.com;www.domain2.com;www.domain3.com;www.domain4.com any more
in the SAN field? (See pic attached). It currently will not accept anything there...
I know I should ask Synology also, but maybe there is a restriction from Let's Encrypt?
What can I do to get the certificate with 4 domains back?

JuergenAuer · February 2, 2021, 3:44pm

Hi @DeevEedeez

there is no restriction.

You can create certificates with max. 100 domain names.

But if the client interface is limited, that may not be possible.

griffin · February 2, 2021, 3:55pm

Welcome to the Let's Encrypt Community, Deev

Please read here:

Try using commas ( , ) to separate the subject alternative names (SANs) instead of semicolons ( ; ).

DeevEedeez · February 21, 2021, 8:53pm

Thanks.

I've read through it. Nothing new to me there. I've setup a free multi domain certificate with Let's Encrypt before through the DSM of the Synology. It also renewed before without problems. Until recently. I guess it has something to do with the DSM that was "updated" in the meantime, because I am completely unable to get a multi-domain certificate for the (5) domains I used before without problems. These domains have a website presence on my Synology. I cán create a single domain certificate without any problems and it is currently installed, so, it is NOT a port issue (but I knew that, I manage a firewall for that and the settings are all OK, actually unchanged from way before). However, 4 of the domains remain without a valid https certificate, which is a problem, obviously.

As per your suggestion, I've tried using comma's instead of ;'s, but the DSM won't allow me, also not by utilising copy-paste. It simply throws an error, telling me I am using illegal characters.

It is weird.

Rebooting won't help. I've also checked all DNS entries for the domains at hand, but they are all OK, other services also work, so IP's, A/s, CNAME's, AAA, TXT's, etc are all OK.

Just to make sure:
What does Let's Encrypt check actually for each domain? Does it check through DNS? If not, how can that be set up, e.g. with a TXT field (in the DNS) of sorts?

petercooperjr · February 21, 2021, 9:18pm

Let's Encrypt allows for up to 100 names per certificate, and validates each of them using whichever Challenge Type the client being used asks for.