Multiple domains in config file (cli.ini)

mikeskril · November 13, 2015, 4:43pm

My cli.ini looks like this:

authenticator = webroot
webroot-path = /var/www/
domains = my domain.net www.mydomain.net
renew-by-default = true

I seems that this does not work. How can I get a cert for my domain with and without www?

Thanks,

eva2000 · November 13, 2015, 4:47pm

AFAIK, you’d want to pass multiple domains via -d flag on command line and not within cli.ini itself. That’s what i did Letsencrypt Webroot Authentication Tested on Beta invited/whitelisted domain

i used

letsencrypt -c sancli.ini -d le8.http2ssl.xyz -d le9.http2ssl.xyz auth

mikeskril · November 13, 2015, 4:47pm

Yeah, but I want to put it in the config file. How can I do that?

mlp · November 13, 2015, 4:49pm

Try with

domains = example.com
domains = www.example.com

(I’m not sure at all it will work, just a guess)

eva2000 · November 13, 2015, 4:50pm

not entirely sure… i assume you want to do this for cronjob renewals ? what i do in my web stack’s LE integration is when i auto generate nginx vhost and run the letsencrypt client, is to pipe it’s command to a file which i can run bash shell cron from

simplicity sake would be like

echo "letsencrypt -c sancli.ini -d le8.http2ssl.xyz -d le9.http2ssl.xyz auth" > /path/to/cronfile

then cronjob would be simple as

bash /path/to/cronfile

mikeskril · November 13, 2015, 5:50pm

I tried that mlp. That creates 2 different certs.

kelunik · November 13, 2015, 6:08pm

Did you try separating them with space or comma?

mikeskril · November 13, 2015, 6:10pm

I tried space and comma without success.

Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --config /etc/letsencrypt/cli.ini auth                                 
An unexpected error occurred.                                                                                                                  
Error: unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Syntax error                                   
Please see the logfiles in /var/log/letsencrypt for more details.

mlp · November 13, 2015, 10:46pm

Try removing domains from your cli.ini and run the command with --config /etc/letsencrypt/cli.ini auth -d example.com -d www.example.com

jonher937 · November 22, 2015, 2:26am

This is what I have in my cli.ini file, just separate domains with commas


rsa-key-size = 4096
server = https://acme-v01.api.letsencrypt.org/directory
email = email@mydomain.tld
text = True
authenticator = webroot
webroot-path = /var/www/
agree-dev-preview = True
agree-tos = True
renew-by-default = True
domains = mydomain.tld,www.mydomain.tld,confluence.mydomain.tld

nichlas · December 3, 2015, 8:15am

None of this is mentioned in the Official documentation. Is it possible to get it cleared and added?

emerproxy · December 6, 2015, 4:11pm

Yes. Took a while to figure out that documented --config actually requires a specified location i.e.

letsencrypt-auto --config /etc/letsencrypt/cli.ini

instead of

letsencrypt-auto --config cli.ini

after editing your

sudo nano /etc/letsencrypt/cli.ini

even the European Union Agency for Network and Information Security recommends using RSA keys of 3072 bits or more … source: https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report

… via a website (currently) using a 2048-bit SSL cert. ROFL