Programmatically expand domains

Hello, I am able to expand the domains I have using certbot by issuing the following command:

certbot certonly -d site1.mydomain.com,site2.mydomain.com,site3.mydomain.com

Is there a way to run this command without user interaction?

The reason is that I would like to programmatically add additional subdomains.

The ideal way would be using a wildcard, but there isn't a plugin I can use for this at the moment, so I am ideally looking for a way to run the above command programmatically without user interaction.

Thanks.

I don't really understand: the command you've stated can be run without human interaction already? Or do you mean you're currently asked to specify an authenticator?

You can also specify the authenticator and other options on the command line. See the certbot documentation: User Guide — Certbot 2.7.0.dev0 documentation

Hi @Osiris. Thanks for your response.

It asks for input twice as follows:

root@myserver:~# certbot certonly -d site1.mydomain.com,site2.mydomain.com,site3.mydomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator apache, Installer None
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/site1.mydomain.com.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for site1.mydomain.com
http-01 challenge for site2.mydomain.com
http-01 challenge for site3.mydomain.com
http-01 challenge for site4.mydomain.com
http-01 challenge for site5.mydomain.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/site1.mydomain.co/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/site1.mydomain.co/privkey.pem
   Your cert will expire on 2021-06-13. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

root@myserver:~#

Two things:

  • Please see the documentation linked above: it provides all the command line options you require, such as providing the apache plugin for authentication.
  • Please DON'T renew and replace an already existing certificate with exactly the same domains: this is unnecessary, only adds to the load on Let's Encrypt's systems, and can lead to you hitting a rate limit. The only reason I can think of is if you add, for example, the "must staple" option to the certificate. But if the certificate is exactly the same: please use an already existing certificate or use the staging environment.
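An added example, not part of the thread and not certbot's own code: a POSIX shell helper that builds the non-interactive form of the command discussed above, where `--apache` answers the authenticator prompt, `--keep-until-expiring` answers the "keep or renew" prompt by keeping, and `--expand` allows adding names. The function names, the hostname pattern and the `--run` switch are assumptions of this example; the hostnames are the thread's placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. Hostnames are the thread's placeholders.

# Conservative hostname pattern (assumption of this example): lowercase
# letter-digit-hyphen labels only, so wildcards, option-like strings such as
# "--foo" and shell metacharacters are rejected before they reach certbot.
HOST_RE='^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$'

# merge_domains EXISTING NEW
# Prints the comma-separated union: lowercased, first-seen order, no duplicates.
merge_domains() {
    printf '%s,%s\n' "$1" "$2" | tr 'A-Z' 'a-z' | tr ', ' '\n\n' |
        awk 'NF && !seen[$0]++' | paste -s -d, -
}

# expand_cmd EXISTING NEW
# Prints the non-interactive certbot command for the expanded name set.
# Returns 2 if any name fails validation, 1 if NEW adds nothing (in which
# case no request is made and the existing certificate stays in use).
expand_cmd() {
    local old all
    old=$(merge_domains "$1" "")
    all=$(merge_domains "$1" "$2")
    # grep -v selects names that do NOT match the pattern; any hit is a reject.
    if printf '%s\n' "$all" | tr ',' '\n' | grep -Evq "$HOST_RE"; then
        return 2
    fi
    [ "$all" != "$old" ] || return 1
    printf 'certbot certonly --apache --non-interactive --keep-until-expiring --expand -d %s\n' "$all"
}

# Usage: sh expand.sh --run "site1.mydomain.com,site2.mydomain.com" "site3.mydomain.com"
if [ "${1:-}" = "--run" ]; then
    cmd=$(expand_cmd "$2" "$3") || exit $?
    # Word splitting is safe here: every name has passed HOST_RE.
    exec $cmd
fi
```

Adding `--dry-run` to the printed command exercises the challenges against the staging environment without issuing a certificate, which keeps test runs away from the production rate limits.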