Renew certificate with expanding domains

Yeah, but I get a failed response for it. It probably maps to /var/www/html on tesla.linuxnuts.com.

What I mean is that certbot first looks in the directory /var/www in that sample script, finds a site and then adds every site in that directory to the first cert. /var/www/ is the main site, /var/www/vdomain1 is next, with /var/www/vdomain2 being the third that is wrapped into the cert. In my case they are all under /home/vdomain1/public_html, /home/vdomain2/public_html etc., with no domain residing at the root /home directory…

Did you set the webroot to /var/www/html for the mail subdomain (if that's where it goes to in HTTP)?

Actually, in looking at what I did I can see that I had set it wrong, but Let's Encrypt found the websites regardless, just not the mail.
I think I have a bit of an Apache issue going on there as well. I tested mail.whateverdomainsihave.com on all my virtuals and got a mishmash of results: pages being served from other vdomains, etc. I think that's Apache, as it has no handler for anything with a mail in the URL. Regardless, if you browse to mail.whateverdomain.com you will get a page; it may just be a parking page, but you get one.

You know, come to think of it, I think Virtualmin sets up a webmail.whateverdomain.com by default for each vdomain…

You may want to configure your Apache so that any requests for /.well-known/acme-challenge/* always go to the same location, regardless of which domain, etc. Then you have the same "webroot" for all.

webmail. or mail.? I'd suspect webmail. to be sent to whatever your web-based mail system is, but not mail.

Wouldn't that just create one certificate pointing to that domain and then defeat the purpose of capturing them all in one cert?

I could achieve the same result by copying the cert of one domain into Postfix and always using the SMTP server.

No. On the command line you said you were using, you are specifying all the domains (-d) and webroots (-w). So you still need to specify all the domains, but you are using a common webroot for them all. The token will be different for every subdomain, so each will be checked; see the documentation at https://certbot.eff.org/docs/using.html#commands
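The shared-webroot setup suggested in the two replies above (one Apache location for /.well-known/acme-challenge/ on every vhost, then one certbot run that keeps every -d but uses a single -w), as an added example that is not part of the thread and not Virtualmin's or certbot's own code. It assumes a Debian-style Apache layout (conf-available, a2enconf, systemctl) and uses /var/lib/letsencrypt/acme as the shared root; both are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. One shared ACME webroot for every Apache
# vhost, then one certbot run covering every name. Paths are assumptions:
# Debian-style Apache layout and /var/lib/letsencrypt/acme as the shared root.

# Apache config that sends /.well-known/acme-challenge/ for every vhost to $1.
# An Alias in the main server config is inherited by every <VirtualHost> that
# does not define its own Alias for the same path, so each vhost's DocumentRoot
# (/home/vdomain1/public_html, /var/www/html, ...) no longer matters.
acme_alias_conf() {
    cat <<EOF
Alias /.well-known/acme-challenge/ $1/.well-known/acme-challenge/
<Directory "$1/.well-known/acme-challenge/">
    Options None
    AllowOverride None
    Require all granted
</Directory>
EOF
}

# The certbot command line: one -w for the shared root, one -d per name.
# certbot writes each token under $root/.well-known/acme-challenge/ and the
# Alias above serves it, whichever vhost ends up answering the request.
certbot_cmd() {
    root=$1; shift
    cmd="certbot certonly --webroot -w $root"
    for d in "$@"; do
        cmd="$cmd -d $d"
    done
    printf '%s\n' "$cmd"
}

# Local check that the shared root is writable where certbot expects: drop a
# probe token into the directory the Alias points at, then remove it.
probe_webroot() {
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    printf 'probe' > "$dir/probe-$$" || return 1
    [ -f "$dir/probe-$$" ] && rm -f "$dir/probe-$$"
}

# Full procedure for a real server (needs root). Only runs with --apply so the
# functions above can be sourced and exercised without touching the system.
apply() {
    root=/var/lib/letsencrypt/acme
    probe_webroot "$root"
    acme_alias_conf "$root" > /etc/apache2/conf-available/acme-challenge.conf
    a2enconf acme-challenge
    apachectl configtest && systemctl reload apache2
    # Prove the Alias works on every name before asking Let's Encrypt to.
    echo ok > "$root/.well-known/acme-challenge/test"
    for d in "$@"; do
        curl -fsS "http://$d/.well-known/acme-challenge/test" >/dev/null \
            || { echo "$d: challenge path not served" >&2; return 1; }
    done
    rm -f "$root/.well-known/acme-challenge/test"
    # --dry-run goes against the staging CA; drop it once every name passes.
    $(certbot_cmd "$root" "$@") --dry-run
}

if [ "${1:-}" = "--apply" ]; then
    shift
    apply "$@"      # e.g. ./acme-shared-root.sh --apply example.com www.example.com mail.example.com
fi
```

The curl loop is the check worth doing before touching a production server: every name that will be passed as -d, mail.example.com included, has to answer on port 80 and return the probe file. A vhost that redirects everything to HTTPS, or a Virtualmin-generated vhost that defines its own Alias for that path, shows up there as a plain failure instead of as a rejected order from Let's Encrypt. If mail.example.com resolves to a different host than the web server, no webroot on this box can satisfy it and that name needs a DNS challenge instead.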

This looks totally doable. The server I am currently doing all this on is a production server, so I will test some of these commands in a VM tonight to get my arms around it.

This is the command I ran: `certbot certonly --webroot -w /var/www/example/ -d www.example.com -d example.com`, but I added mail.example.com and I entered a bad path for the webroot. It found all my websites but not the mail.example roots.

Just FYI, I tried this in the master.cf of the Postfix config, as recommended by one of the maintainers of Postfix, duplicated for each domain, and it didn't work:

```
smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
smtp inet n - n - 0 smtpd
    -o myhostname=mail.linuxnuts.com
    -o smtp_tls_cert_file=/etc/letsencrypt/live/www.linuxnuts.com/cert.pem
    -o smtpd_tls_cert_file=/etc/letsencrypt/live/www.linuxnuts.com/cert.pem
```
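A lint for a master.cf fragment like the one above, added here as an example; it is not code from the thread or from Postfix. The sample inside it is constructed: it reuses the entries posted above, with the -o lines deliberately left at column 0 to show that failure mode. Postfix reads master.cf as documented in master(5): a line that begins with whitespace continues the previous service entry, so an unindented -o opens a new (and invalid) entry, and two smtp inet entries name the same socket, port 25 on every interface, so only one of them can own it.

```shell
#!/bin/sh
# Added example, not code from the thread or from Postfix: a small lint for a
# master.cf fragment. Per master(5), a line that starts with whitespace continues
# the previous service entry, so a "-o" at column 0 opens a NEW entry named "-o";
# and two "smtp inet" entries name the same socket (port 25 on every interface),
# so only one of them can own it.

# Print one finding per line; exit status 1 if anything was found.
master_cf_lint() {
    awk '
        /^[ \t]*$/ || /^[ \t]*#/ { next }   # blank and comment lines
        /^-o/ {                              # override option not indented
            printf "line %d: \"-o\" at column 0 starts a new service entry; indent it\n", NR
            bad++
            next
        }
        /^[^ \t]/ {                          # new service entry: name type ...
            key = $1 "/" $2
            if (key in seen) {
                printf "line %d: duplicate service %s (first defined at line %d)\n", NR, key, seen[key]
                bad++
            } else {
                seen[key] = NR
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Mechanical fix for the first kind of finding only: indent every column-0 "-o"
# line so it becomes a continuation of the entry above it. Prints the result.
indent_overrides() {
    sed 's/^-o/    -o/' "$1"
}

# Constructed sample modelled on the entries posted above (hostname and cert
# path are the thread's; the -o lines are deliberately left at column 0).
sample_master_cf() {
    cat <<'EOF'
smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
smtp inet n - n - 0 smtpd
-o myhostname=mail.linuxnuts.com
-o smtp_tls_cert_file=/etc/letsencrypt/live/www.linuxnuts.com/cert.pem
-o smtpd_tls_cert_file=/etc/letsencrypt/live/www.linuxnuts.com/cert.pem
EOF
}

# Stand-alone run: lint the sample, then lint it again after indenting.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    sample_master_cf > "$tmp"
    master_cf_lint "$tmp"                       # 4 findings
    indent_overrides "$tmp" > "$tmp.fixed"
    master_cf_lint "$tmp.fixed"                 # 1 finding: the duplicate entry
    rm -f "$tmp" "$tmp.fixed"
fi
```

Two things the lint does not cover but the fragment also runs into: smtp_tls_cert_file (no d) is the certificate Postfix presents as an SMTP client for outbound mail, so on an smtpd service only the smtpd_tls_cert_file override changes what connecting clients see; and a per-service override can only vary the certificate per listening address or port, never per hostname, because Postfix before 3.4 has no SNI support (3.4 added tls_server_sni_maps). With a single certificate that lists every domain, which is what the rest of the thread is after, none of this is needed: one smtpd_tls_cert_file serves them all.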

You entered a bad path, and it still found them? Are you sure?

I suspect this was just that it said those domains were already validated, so it didn't need to check them.

Yup, I posted the results in this thread:

I am going to build up a server by hand and eliminate all this Virtualmin mumbo jumbo. I will be back in a day or so to try again, or at least report it as working finally. I like to be a little more hands-on than fumbling around with a GUI…

It keeps overwriting my Postfix configs and hosing it.