Is it possible to have multiple SSL certs live on a server, and have them all automatically renewed via some DNS verification that is maintained for each separate domain? If so, can you please point me to some resources that provide some configuration details on this particular scenario? Thanks!
In general, yes.
The exact setup depends on your DNS provider and the API-plugin for it.
Yes, that’s possible. But before you’re talking about renewing, you’d need to have a certificate issued in the first place! Unfortunately, you’re not really telling us anything about your setup, the used client, et cetera. So please fill in the questionnaire which should have been presented to you when you opened this thread as much as possible:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
I’m just in a phase of researching currently. I have an AWS EC2 instance setup with certbot 0.27.0. It only has one certificate setup right now. All DNS will be managed in Route53 probably, that’s where it’s currently living in my test environment. This server is not running any web services, it will only be used to store SSL certificates and renew them automatically. I’m interested in setting up multiple SSL certs on the box (possibly hundreds of them over time), all auto renewing. I have a separate script that will upload the current SSL certs periodically to the respective servers that they need to be installed on. But just want this box to run certbot and handle all renewals.
Certbot 0.27.0 should be updated to the latest version.
Route53 is supported by certbot: https://certbot.eff.org/docs/using.html#dns-plugins
You do not need run a web server to obtain nor to renew certs (especially via DNS authentication).
I see no problem with fulfilling your needs with certbot.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.