Multiple domains in config file (cli.ini)


My cli.ini looks like this:

authenticator = webroot
webroot-path = /var/www/
domains = my
renew-by-default = true

I seems that this does not work. How can I get a cert for my domain with and without www?



AFAIK, you’d want to pass multiple domains via -d flag on command line and not within cli.ini itself. That’s what i did Letsencrypt Webroot Authentication Tested on Beta invited/whitelisted domain

i used

letsencrypt -c sancli.ini -d -d auth


Yeah, but I want to put it in the config file. How can I do that?


Try with

domains =
domains =

(I’m not sure at all it will work, just a guess)


not entirely sure… i assume you want to do this for cronjob renewals ? what i do in my web stack’s LE integration is when i auto generate nginx vhost and run the letsencrypt client, is to pipe it’s command to a file which i can run bash shell cron from

simplicity sake would be like

echo "letsencrypt -c sancli.ini -d -d auth" > /path/to/cronfile

then cronjob would be simple as

bash /path/to/cronfile


I tried that mlp. That creates 2 different certs.


Did you try separating them with space or comma?


I tried space and comma without success.

Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --config /etc/letsencrypt/cli.ini auth                                 
An unexpected error occurred.                                                                                                                  
Error: unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Syntax error                                   
Please see the logfiles in /var/log/letsencrypt for more details.


Try removing domains from your cli.ini and run the command with --config /etc/letsencrypt/cli.ini auth -d -d


This is what I have in my cli.ini file, just separate domains with commas

rsa-key-size = 4096 server = email = email@mydomain.tld text = True authenticator = webroot webroot-path = /var/www/ agree-dev-preview = True agree-tos = True renew-by-default = True domains = mydomain.tld,www.mydomain.tld,confluence.mydomain.tld


None of this is mentioned in the Official documentation. Is it possible to get it cleared and added?


Yes. Took a while to figure out that documented --config actually requires a specified location i.e.

letsencrypt-auto --config /etc/letsencrypt/cli.ini

instead of

letsencrypt-auto --config cli.ini

after editing your

sudo nano /etc/letsencrypt/cli.ini

… via a website (currently) using a 2048-bit SSL cert. ROFL