My cli.ini looks like this:
authenticator = webroot
webroot-path = /var/www/
domains = my domain.net www.mydomain.net
renew-by-default = true
I seems that this does not work. How can I get a cert for my domain with and without www?
Thanks,
1 Like
AFAIK, you’d want to pass multiple domains via -d flag on command line and not within cli.ini itself. That’s what i did Letsencrypt Webroot Authentication Tested on Beta invited/whitelisted domain
i used
letsencrypt -c sancli.ini -d le8.http2ssl.xyz -d le9.http2ssl.xyz authYeah, but I want to put it in the config file. How can I do that?
Try with
domains = example.com
domains = www.example.com
(I’m not sure at all it will work, just a guess)
not entirely sure… i assume you want to do this for cronjob renewals ? what i do in my web stack’s LE integration is when i auto generate nginx vhost and run the letsencrypt client, is to pipe it’s command to a file which i can run bash shell cron from
simplicity sake would be like
echo "letsencrypt -c sancli.ini -d le8.http2ssl.xyz -d le9.http2ssl.xyz auth" > /path/to/cronfile
then cronjob would be simple as
bash /path/to/cronfileI tried that mlp. That creates 2 different certs.
Did you try separating them with space or comma?
I tried space and comma without success.
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --config /etc/letsencrypt/cli.ini auth
An unexpected error occurred.
Error: unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Syntax error
Please see the logfiles in /var/log/letsencrypt for more details.Try removing domains from your cli.ini and run the command with --config /etc/letsencrypt/cli.ini auth -d example.com -d www.example.com
1 Like
This is what I have in my cli.ini file, just separate domains with commas
rsa-key-size = 4096
server = https://acme-v01.api.letsencrypt.org/directory
email = email@mydomain.tld
text = True
authenticator = webroot
webroot-path = /var/www/
agree-dev-preview = True
agree-tos = True
renew-by-default = True
domains = mydomain.tld,www.mydomain.tld,confluence.mydomain.tld
4 Likes
None of this is mentioned in the Official documentation. Is it possible to get it cleared and added?
2 Likes
Yes. Took a while to figure out that documented --config actually requires a specified location i.e.
letsencrypt-auto --config /etc/letsencrypt/cli.ini
instead of
letsencrypt-auto --config cli.ini
after editing your
sudo nano /etc/letsencrypt/cli.ini
- even the European Union Agency for Network and Information Security recommends using RSA keys of 3072 bits or more … source: https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
… via a website (currently) using a 2048-bit SSL cert. ROFL