I want to use the same certificate across a number of sub-domains. I am using
webroot authentication and specifying webroot-domain pairs in the command:
letsencrypt-auto certonly -c /etc/letsencrypt/webroot.ini \
-w /var/www/example.com/public_html -d example.com \
-w /var/www/a.example.com/public_html -d a.example.com \
-w /var/www/b.example.com/public_html -d b.example.com
The content of my
agree-tos = True
renew-by-default = True
authenticator = webroot
This command creates a single certificate and I can configure the webserver for each domain to use that cert via the symlink in live. This is all good stuff.
However, when I added another subdomain to this command the resulting certificate was generated in a different directory: live/c.example.com, rather than in the previously used directory:
Is there any way to guarantee where the certificate will be generated?
I read that the first domain in the command is what determines the location but I don’t believe this is the case given my observations. If I’ve made a mistake here please let me know.
I originally generated certificates for each sub-domain, so there were entries in my /etc/letsencrypt directory for those sub-domains already. Is there a command to remove the old entries, or is it just a case of manually:
sudo rm live/c.example.com
sudo rm archive/c.example.com
sudo rm renewal/c.example.com
So the question remains, can I guarantee where the certificate will be located in
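A read-only consistency check for the manual cleanup asked about above, as an added example (not from the thread or from any client's own code): it lists lineages whose live/, archive/ and renewal/ entries disagree. It assumes renewal entries are files named <lineage>.conf and that live/ holds symlinks into archive/; the sample tree is constructed.

```shell
#!/bin/sh
# Added example: report lineages whose live/, archive/ and renewal/ entries
# disagree. Read-only. Assumption: renewal entries are named <lineage>.conf.

# audit_lineages CONFIG_DIR -> one line per inconsistent lineage
audit_lineages() {
    dir=$1
    names=$(
        for p in "$dir"/live/* "$dir"/archive/* "$dir"/renewal/*; do
            [ -e "$p" ] || [ -L "$p" ] || continue   # unmatched glob
            n=${p##*/}
            [ "$n" = README ] && continue            # note file, not a lineage
            printf '%s\n' "${n%.conf}"
        done | sort -u
    )
    for name in $names; do
        missing=
        [ -d "$dir/live/$name" ] || missing="$missing live"
        [ -d "$dir/archive/$name" ] || missing="$missing archive"
        [ -f "$dir/renewal/$name.conf" ] || missing="$missing renewal"
        # A live/ symlink whose archive target is gone leaves the web
        # server pointing at a file that no longer exists.
        for link in "$dir/live/$name"/*.pem; do
            [ -L "$link" ] && [ ! -e "$link" ] && missing="$missing target-of-${link##*/}"
        done
        [ -n "$missing" ] && printf '%s: missing%s\n' "$name" "$missing"
    done
    return 0
}

# build_sample_tree DIR: constructed layout, for demonstration only
build_sample_tree() {
    d=$1
    mkdir -p "$d/live/example.com" "$d/archive/example.com" "$d/renewal" \
             "$d/live/b.example.com" "$d/archive/c.example.com"
    : > "$d/archive/example.com/cert1.pem"
    ln -s ../../archive/example.com/cert1.pem "$d/live/example.com/cert.pem"
    : > "$d/renewal/example.com.conf"
    # b.example.com: archive removed by hand, live symlink left dangling
    ln -s ../../archive/b.example.com/cert1.pem "$d/live/b.example.com/cert.pem"
    : > "$d/renewal/b.example.com.conf"
    # c.example.com: only archive/ remains
}

tmp=$(mktemp -d) && build_sample_tree "$tmp" && audit_lineages "$tmp"
rm -rf "$tmp"
```

Against a real installation, call `audit_lineages /etc/letsencrypt` with enough privilege to read the tree; an empty result means every lineage has all three entries and no dangling links.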
You can try my client: [updated]Simplest pure bash letsencrypt client, support standalone server now
You can specify the cert path or cert key path like:
CERT_PATH=/path/to/domain.cer CERT_KEY_PATH=/path/to/domain.key le issue /path/to/webroot/ domain.com www.domain.com
I have multiple webroots so I don’t understand how I can use your client as it requires: “You must point and bind all the domains to the same webfoot dir”.
After further examination of the cli.py source I found these command line arguments:
I’ve tested with another domain and it did exactly what I needed.
I have the same problem, but the suggested solution does not work for me. Here it is the command I run:
letsencrypt certonly --text --test-cert --webroot \
--cert-path=/etc/letsencrypt/domain.org/cert.pem \
--chain-path=/etc/letsencrypt/domain.org/chain.pem \
--fullchain-path=/etc/letsencrypt/domain.org/fullchain.pem \
--key-path=/etc/letsencrypt/domain.org/privkey.pem \
-w /var/www/site1.domain.org/http -d site1.domain.org \
-w /var/www/site2.domain.org -d site2.domain.org
I expect that all the files will be placed into /etc/letsencrypt/domain.org/, but everything is placed into /etc/letsencrypt/live/site1.domain.org/.
Can someone please give the full command line?
So I have about 60-80 domains (three large projects/products with their domains and subdomains for different services) in different directories (obviously) and I just keep on going “WTF” and also “Are you fucking kidding me?!” while trying to figure out how to renew a certificate. Behind Cloudflare (obviously, everyone uses something, only an idiot would expose their servers directly.)
So my question towards the creators of letsencrypt would be… Did you guys try to think about actual production usage?