There’s a guide for Let’s Encrypt in the Zimbra Wiki, including a section for SAN certificates. Does this help? Getting a certificate for multiple domains is generally as simple as passing multiple -d example.com arguments to the client.
Adding the domain after the fact is basically no different from requesting a new certificate, so you would run the exact same command again, plus the additional-d new.example.com at the end (you still need to include the original domain(s)!). You might also want to add --expand to tell the client to replace the existing certificate file, as opposed to creating a new directory in /etc/letsencrypt/live.
I understand that I must run the following command to add another domain, the domain having already created and with the certificate mail.test.com , I only run the following command to another domain mail1.test.com .
This would give you a SAN certificate covering both domains.
It’s also perfectly fine to have multiple certificates (with, for example, one domain each) on the same server. This would use SNI (Server Name Indication). One downside is that very old client or server software might not support SNI. Unless you have a specific reason why two certificates with SNI would be a better fit, SAN is probably your best option.
Based on a quick read of obtain-and-deploy-letsencrypt-cert.sh, this script seems to handle only single-domain certificates in its current form (there’s just one “CN” variable, no way to pass in multiple SANs). If you obtain the new SAN certificate using the regular letsencrypt-auto command, this script won’t be able to help you with renewal for that certificate.
oh , is right, then let me see how I solve this big little problem and if I do not share with the community, thank you very much …Oh no other way to create a task crond so that I autorenueve certificates
If you’re curious about the renewal support that’s included in certbot itself, take a look at the documentation. Most of the things this script performs could probably be wrapped in a --pre-hook and --post-hook (which are executed before and after renewal).