I want to use the same certificate across a number of sub-domains. I am using
webroot authentication and specifying webroot-domain pairs in the command:
letsencrypt-auto certonly -c /etc/letsencrypt/webroot.ini \ -w /var/www/example.com/public_html -d example.com \ -w /var/www/a.example.com/public_html -d a.example.com \ -w /var/www/b.example.com/public_html -d b.example.com
The content of my
agree-tos = True renew-by-default = True authenticator = webroot
This command creates a single certificate and I can configure the webserver for each domain to use that cert via the symlink in
live. This is all good stuff.
However, when I added another subdomain to this command the resulting certificate was generated in a different directory:
live/c.example.com, rather than in the previously used directory:
Is there anyway to guarantee where the certificate will be generated?
I read that the first domain in the command is what determines the location but I don’t believe this is the case given my observations. If I’ve made a mistake here please let me know.
I originally generated certificates for each sub-domain, so there were entries in my
/etc/letsencrypt directory for those sub-domains already. Is there a command to remove the old entries, or is it just a case of manually:
sudo rm live/c.example.com sudo rm archive/c.example.com sudo rm renewal/c.example.com
So the question remains, can I guarantee where the certificate will be located in