Multiple domains in config file (cli.ini)


#1

My cli.ini looks like this:

authenticator = webroot
webroot-path = /var/www/
domains = my domain.net www.mydomain.net
renew-by-default = true

I seems that this does not work. How can I get a cert for my domain with and without www?

Thanks,


#2

AFAIK, you’d want to pass multiple domains via -d flag on command line and not within cli.ini itself. That’s what i did Letsencrypt Webroot Authentication Tested on Beta invited/whitelisted domain

i used

letsencrypt -c sancli.ini -d le8.http2ssl.xyz -d le9.http2ssl.xyz auth

#3

Yeah, but I want to put it in the config file. How can I do that?


#4

Try with

domains = example.com
domains = www.example.com

(I’m not sure at all it will work, just a guess)


#5

not entirely sure… i assume you want to do this for cronjob renewals ? what i do in my web stack’s LE integration is when i auto generate nginx vhost and run the letsencrypt client, is to pipe it’s command to a file which i can run bash shell cron from

simplicity sake would be like

echo "letsencrypt -c sancli.ini -d le8.http2ssl.xyz -d le9.http2ssl.xyz auth" > /path/to/cronfile

then cronjob would be simple as

bash /path/to/cronfile

#6

I tried that mlp. That creates 2 different certs.


#7

Did you try separating them with space or comma?


#8

I tried space and comma without success.

Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --config /etc/letsencrypt/cli.ini auth                                 
An unexpected error occurred.                                                                                                                  
Error: unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Syntax error                                   
Please see the logfiles in /var/log/letsencrypt for more details.

#9

Try removing domains from your cli.ini and run the command with --config /etc/letsencrypt/cli.ini auth -d example.com -d www.example.com


#10

This is what I have in my cli.ini file, just separate domains with commas

rsa-key-size = 4096 server = https://acme-v01.api.letsencrypt.org/directory email = email@mydomain.tld text = True authenticator = webroot webroot-path = /var/www/ agree-dev-preview = True agree-tos = True renew-by-default = True domains = mydomain.tld,www.mydomain.tld,confluence.mydomain.tld

#11

None of this is mentioned in the Official documentation. Is it possible to get it cleared and added?


#12

Yes. Took a while to figure out that documented --config actually requires a specified location i.e.

letsencrypt-auto --config /etc/letsencrypt/cli.ini

instead of

letsencrypt-auto --config cli.ini

after editing your

sudo nano /etc/letsencrypt/cli.ini

… via a website (currently) using a 2048-bit SSL cert. ROFL