Multiple certificates for same domain


#1

I have set up a wildcard certificate on a server, as there will be multiple subdomains used on that server.

I have other servers which will use separate subdomains for the same domain as the first, and one or two of those will possibly need more than one subdomain in the future.

So is it possible to make standard certbot certificates for the same subdomain on other servers when the first server already has a wildcard certificate for the same domain?

Also, is it possible to make a wildcard certificate on any of these other servers when the first server already has a wildcard certificate? (i.e., is it possible to make multiple wildcard certificates for the same domain?)

Or should I be using the same wildcard certificate on all servers? And in that case, how do I automatically update them?

Thanks.


#2

Hi @jason404

Yes, this is possible.

You can do it. But there are rate limits, max. 5 certificates / week with the same domain name set, max. 50 certificates per week per domain.

Then you don’t have a problem with a rate limit.

That depends on your concrete configuration.
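An added example, not part of the thread: a small planner that counts issuances across all servers against the two limits quoted in the reply above (5 per week for the same set of names, 50 per week per domain). The hostnames and dates are constructed, and treating the last two labels as the registered domain is a simplifying assumption.

```python
from datetime import datetime, timedelta

# Limits exactly as quoted in the reply above.
MAX_PER_NAME_SET = 5     # certificates per week with the same set of names
MAX_PER_DOMAIN = 50      # certificates per week per domain
WINDOW = timedelta(days=7)


def normalize(names):
    """A certificate's name set, compared case-insensitively and unordered."""
    return frozenset(n.lower().rstrip(".") for n in names)


def registered_domain(name):
    # Assumption: the registered domain is the last two labels. Real tooling
    # should consult the Public Suffix List (e.g. for names under co.uk).
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def check_issuance(history, names, when):
    """Count issuances in the 7 days before `when` and report whether one
    more certificate for `names` fits under both quoted limits.
    history: iterable of (issued_at, names) gathered from ALL servers."""
    wanted = normalize(names)
    recent = [normalize(n) for t, n in history
              if timedelta(0) <= when - t < WINDOW]
    same_set = sum(1 for s in recent if s == wanted)
    per_domain = {}
    for dom in {registered_domain(n) for n in wanted}:
        per_domain[dom] = sum(
            1 for s in recent if any(registered_domain(n) == dom for n in s)
        )
    allowed = same_set < MAX_PER_NAME_SET and all(
        c < MAX_PER_DOMAIN for c in per_domain.values()
    )
    return {"same_name_set": same_set, "per_domain": per_domain,
            "allowed": allowed}


# Constructed sample: five servers each requested their own copy of the
# same wildcard certificate on consecutive days.
BASE = datetime(2024, 1, 1)
SAMPLE_HISTORY = [(BASE + timedelta(days=d), ["*.example.com"]) for d in range(5)]

if __name__ == "__main__":
    day5 = BASE + timedelta(days=5)
    print(check_issuance(SAMPLE_HISTORY, ["*.example.com"], day5))    # blocked
    print(check_issuance(SAMPLE_HISTORY, ["app.example.com"], day5))  # allowed
```

A sixth identical wildcard request in the same week is refused, while a certificate with a different name set only counts against the per-domain total.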


#3

Thanks for the reply @JuergenAuer.

This makes things easier than I was expecting, so that’s good news.

But if I was to make another wildcard certificate on a second server, wouldn’t the TXT record for DNS challenge be different the second time? So if the TXT record changes, how would the first wildcard certificate be auto-updated? I have noticed that the TXT record changed after the initial --dry-run.

I also didn’t understand what you meant about concrete configuration. Concrete5 seems to be a PHP CMS. What would be the best way to use the same wildcard certificate on different servers and have them all update automatically?

Thanks.


#4

Yes, they are different.

If your first server is updated today, your second next Monday, it’s not a problem. It would be a problem if both updates start at the same time.

That’s completely unconcrete. It depends on how your webserver finds the certificates.


#5

Oh, I think I understand regarding the TXT records now, as I have been using the manual method. I will now look into how to use the DNS plugins for auto updating.

