One certificate for many domains

punchi · October 10, 2016, 10:01pm

Hi!,

It’s possible to issue just one certificate for many domains? there’s any kind of problem with that? right now I’m using:

certbot-auto certonly --standalone --email XXXX@domain.com -d domain.com -d www.domain.com -d blog.domain.com -d another.domain.com

I’m with nginx, and I need to stop and start the service every time I need to renew/issue, so I would like to use --webroot, but I have differents paths and apps for every domain, eg: domain.com and www.domain.com are in /var/www/domain but blog.domain.com is on /var/www/blog .It’s possible to have anyway one certificate for all the domains? what would be the drawbacks? the command would be like this:

certbot-auto certonly --webroot -w /var/www/domain -d domain.com -d www.domain.com -d blog.domain.com -d another.domain.com

thanks!

schoen · October 10, 2016, 10:10pm

@punchi, what you describe should work properly in the way you’ve described it, except that you need to add another -w for the domains using a different domain, like

-w /var/www/domain -d domain.com -d www.domain.com -w /var/www/blog -d blog.domain.com -d another.domain.com

This is also assuming that another.domain.com also uses the /var/www/blog webroot; otherwise, you need a 3rd -w to specify the webroot for that site.

punchi · October 10, 2016, 11:02pm

Thanks for the reply @schoen! but what if I leave all the domains just with -w /var/www/domain ?? eg.

certbot-auto certonly --webroot -w /var/www/domain -d domain.com -d www.domain.com -d blog.domain.com -d another.domain.com

why should I separate into differents webroots if I could point all the SSL certificates paths to the same one?? and they’ll be created on /etc/letsencrypt/live/ ??

schoen · October 10, 2016, 11:16pm

The webroot is used for authenticating your control over each domain, so it needs to match where the content of each site is served from – because the webroot plugin is going to change that content as part of the authentication process. If you have three different sites with different content, you need to supply three different -w values so that Certbot knows where to make the changes in response to the challenges associated with each domain.

punchi · October 11, 2016, 12:51am

Thanks!

DavidBruchmann · October 12, 2016, 10:48am

It’s also possible to run letsencrypt separated for each directory, but the solution above is of course smarter,

system · November 11, 2016, 11:03am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I cannot get one certificate to work with various subdomains Help	19	1282	February 8, 2021
Certbot, same webroot for multiple subdomains? Server	6	5447	December 5, 2017
Certbot Multiple subdomains - locations Help	5	2362	December 23, 2020
One cert for all domains created Help	2	890	July 13, 2019
Multiple domains on the same certificate Help	2	588	April 14, 2022

One certificate for many domains

Related topics