Multi Domains (SAN) ZIMBRA (PLEASE HELP)

I need help creating a certificate for my other domain. Example:

And I have a certificate for the domain:
mail.test.com
Now I want to install mail1.test.com. Searching tells me to add the domain mail1.test.com as a SAN, but I don't know how. If you can help me, it would be for Zimbra.

Greetings.

There’s a guide for Let’s Encrypt in the Zimbra Wiki, including a section for SAN certificates. Does this help? Getting a certificate for multiple domains is generally as simple as passing multiple -d example.com arguments to the client.

I will review it. In case there is an example: I have a domain with the certificate, but how do I add another domain to the SAN?

Thanks…

Adding the domain after the fact is basically no different from requesting a new certificate, so you would run the exact same command again, plus the additional -d new.example.com at the end (you still need to include the original domain(s)!). You might also want to add --expand to tell the client to replace the existing certificate file, as opposed to creating a new directory in /etc/letsencrypt/live.

I understand that I must run the following command to add another domain. With the domain mail.test.com already created and having its certificate, I only run the following command for the other domain, mail1.test.com.

./letsencrypt-auto certonly --standalone -d mail1.test.com

Does performing this process create any kind of conflict, and is the restoration process the same or different?

Running this command will get you a new certificate that covers only mail1.test.com. If you would like a certificate that covers both mail1.test.com and mail.test.com, the command should be:

./letsencrypt-auto certonly --standalone -d mail.test.com -d mail1.test.com --expand

This would give you a SAN certificate covering both domains.

It’s also perfectly fine to have multiple certificates (with, for example, one domain each) on the same server. This would use SNI (Server Name Indication). One downside is that very old client or server software might not support SNI. Unless you have a specific reason why two certificates with SNI would be a better fit, SAN is probably your best option.

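A check that fits the advice above, added here as an example and not part of the original posts: after re-issuing with both `-d` names, confirm that the certificate's SAN list covers every hostname before deploying it to Zimbra. The function names and the sample `openssl` output are constructed for illustration, and wildcard SANs are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): check that a certificate's SAN list
# covers every hostname the mail server answers for.

# Constructed sample: the SAN part of `openssl x509 -noout -text` output for a
# certificate issued with only `-d mail1.test.com`.
SAMPLE_SINGLE='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:mail1.test.com
            X509v3 Key Usage: critical'

# Read `openssl x509 -noout -text` output on stdin; print one DNS SAN per line.
sans_from_text() {
    awk '/X509v3 Subject Alternative Name/ { getline; print }' \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' \
        | tr 'A-Z' 'a-z'
}

# $1 = newline-separated SAN list, remaining args = required hostnames.
# Prints each required name that is not covered; returns 1 if any is missing.
missing_names() {
    san_list=$1; shift
    rc=0
    for name in "$@"; do
        want=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        # -x -F: whole-line literal match, so mail.test.com never matches mail1.test.com
        printf '%s\n' "$san_list" | grep -qxF -e "$want" || { printf '%s\n' "$want"; rc=1; }
    done
    return "$rc"
}

# $1 = PEM certificate file, remaining args = required hostnames.
check_cert() {
    cert_file=$1; shift
    missing_names "$(openssl x509 -in "$cert_file" -noout -text | sans_from_text)" "$@"
}

# Demo on the constructed sample: prints mail.test.com as the uncovered name.
missing_names "$(printf '%s\n' "$SAMPLE_SINGLE" | sans_from_text)" \
    mail.test.com mail1.test.com || echo "not covered: re-issue with every -d name"
```

Against a real file, call `check_cert <path-to-cert.pem> mail.test.com mail1.test.com`; it needs the `openssl` command.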

Oh, OK, I understand. I use a script for automatic renewal of the certificate, at the following address:

https://github.com/VojtechMyslivec/letsencrypt-zimbra

Does that also cover renewing the certificate, or would I have to make another process to renew both?

Based on a quick read of obtain-and-deploy-letsencrypt-cert.sh, this script seems to handle only single-domain certificates in its current form (there’s just one “CN” variable, no way to pass in multiple SANs). If you obtain the new SAN certificate using the regular letsencrypt-auto command, this script won’t be able to help you with renewal for that certificate.

Sure, I understand, but if I edit the script and put in another CN with the new domain, could I achieve it?

As in: Have two copies of the script, with two different CNs?

This would give you two separate certificates. Basically what I described here - not a SAN certificate:

Modifying the script to accept multiple SANs would also work in theory, but I'm not really familiar enough with this script to determine what this would involve.

Oh, that's right. Then let me see how I solve this big little problem, and if not, I'll share it with the community. Thank you very much... Oh, no other way to create a crond task so that I auto-renew the certificates?

If you’re curious about the renewal support that’s included in certbot itself, take a look at the documentation. Most of the things this script performs could probably be wrapped in a --pre-hook and --post-hook (which are executed before and after renewal).

Thank you very much, I’ll read it and see how I can put it on my server with Zimbra.
