Multiple domains with Certbot

pni · January 22, 2018, 9:29am

My server serves multiple sites (one IP multiple different domain names) and until now I have installed certificates using certbo like this:

sudo certbot --apache -d example.com -d uploads.example.com
sudo certbot --apache -d secondsite.com

But now since the challenge fails I don’t know how to install certificates for multiple domains on a single server. I’m aware of the workaround command, but I’m not sure how to adapt it in the manner above (I’m a complete beginner sys admin).

I have installed certbot via its PPA repostiroty (ppa:certbot/certbot), i’m using apache2 with Ubuntu 16.04. The version of certbot in that repository is 0.19. Also does anybody knows when the repository receives updates?

_az · January 22, 2018, 9:33am

From the issue:

Unfortunately this will take some time, as it requires a release from the debian and ubuntu maintainers.
Until then users should use certbot-auto if they require features from the 0.21.0 release

You could try use certbot-auto in the meantime, or perhaps show us what workaround command you have tried and we can try work through it with 0.19.

pni · January 22, 2018, 9:38am

Thanks for the replay. I haven’t tried the official workaround because I’m afraid I might do something I won’t know how to undo (I’m complete noob to sys administration).

This is from the official certbot site:

sudo certbot --authenticator webroot --installer apache

Can I use something like this? Is there a way to --dry-run a command with certbot?

sudo certbot --authenticator webroot --installer apache  -d example.com -d uploads.example.com

_az · January 22, 2018, 9:40am

Certainly, you can just add --dry-run to the end of that last command, and it will use the Let’s Encrypt test CA and not make any changes to your Apache configuration.

pni · January 22, 2018, 9:48am

Thanks, I tried, but it won’t work with --dry-run unless I use certain subcommands, it returns:

--dry-run currently only works with the 'certonly' or 'renew' subcommands ('run')

_az · January 22, 2018, 9:55am

Ah. I guess you could try run certonly to test the issuance and if it works, try it live.

Test:

certbot certonly --authenticator webroot -w /var/www/webroot -d example.com -d uploads.example.com --dry-run

Live:

certbot --authenticator webroot --installer apache -w /var/www/webroot -d example.com -d uploads.example.com

mnordhoff · January 22, 2018, 10:02am

You can use --staging with other commands, though it will save the staging certificate for real. (You can overwrite or delete it.)

pni · January 22, 2018, 10:21am

It succeed, thanks! Although it did not edit my apache files as the old certbot before the bug.

system · February 21, 2018, 10:21am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.