Ya, but I get a failed response for it. It probably maps to /var/www/html on tesla.linuxnuts.com
What I mean is that certbot first looks in the directory /var/www in that sample script, finds a site and then adds every site in that directory to the first cert. /var/www/ is the main site and /var/www/vdomain1 is next, with /var/www/vdomain2 being the third that is wrapped into the cert. In my case they are all under /home/vdomain1/public_html, /home/vdomain2/public_html, etc., with no domain residing at the root /home directory…
Did you set the webroot to /var/www/html for the mail subdomain (if that's where it goes to in http)?
Actually, in looking at what I did, I can see that I had set it wrong, but Let's Encrypt found the websites regardless, just not the mail.
I think I have a bit of an Apache issue going on there as well. I tested mail.whateverdomainsihave.com on all my virtuals and got a mishmash of results. Pages being served from other vdomains etc. I think that's Apache, as it has no handler for anything with a mail in the URL. Regardless, if you browse to mail.whateverdomain.com you will get a page; it may just be a parking page, but you get one.
You know, come to think of it, I think Virtualmin sets up a webmail.whateverdomain.com by default for each vdomain…
You may want to configure your Apache so that any requests for /.well-known/acme-challenge/* always go to the same location, regardless of which domain etc. Then you have the same "webroot" for all.
webmail. ? or mail. ? I'd suspect webmail. to be sent to whatever your web based mail system is, but not mail.
Wouldn't that just create one certificate pointing to that domain and then defeat the purpose of capturing them all in one cert??
I could achieve the same result by copying the cert of one domain into postfix and always using the smtp server
No. On the command line you said you were using, you are specifying all the domains (-d) and webroots (-w). So you still need to specify all the domains, but you are using a common webroot for them all. The token will be different for every subdomain, so each will be checked - see the documentation at https://certbot.eff.org/docs/using.html#commands
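The common-webroot setup suggested above, as an added example that is not part of the original thread. The shared directory /var/www/letsencrypt is an assumption, as is Apache 2.4 syntax (`Require all granted`); example.com stands in for the real domains.

```apache
# Added example: /var/www/letsencrypt is an assumed shared directory, not a path from the thread.
# Put this in the global server config (outside any <VirtualHost>) so every
# virtual host, including whichever one answers for mail.*, serves the same files.
Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/

<Directory "/var/www/letsencrypt/.well-known/acme-challenge/">
    # Static token files only: no indexes, no .htaccess overrides
    Options None
    AllowOverride None
    Require all granted
    # Challenge tokens are plain text; never pass them to a script handler
    ForceType text/plain
</Directory>

# With the alias in place, a single -w covers every -d that follows it,
# so all names are validated from one webroot and land in one certificate:
#
#   certbot certonly --webroot -w /var/www/letsencrypt \
#     -d example.com -d www.example.com -d mail.example.com
```

Each name passed with -d must still resolve to this server over HTTP, because a separate token is requested for every name.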
This looks totally doable. The server I am currently doing all this on is a production server, so I will test some of these commands in a VM tonight to get my arms around it.
This is the command I ran: "certbot certonly --webroot -w /var/www/example/ -d www.example.com -d example.com", but I added mail.example.com and I entered a bad path for the webroot. It found all my websites but not the mail.example roots.
Just FYI, I tried this in the master.cf of the postfix config, as recommended by one of the maintainers of postfix, duplicated for each domain, and it didn't work:
smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
smtp inet n - n - 0 smtpd
  -o myhostname=mail.linuxnuts.com
  -o smtp_tls_cert_file=/etc/letsencrypt/live/www.linuxnuts.com/cert.pem
  -o smtpd_tls_cert_file=/etc/letsencrypt/live/www.linuxnuts.com/cert.pem
You entered a bad path, and it still found them? Are you sure?
I suspect this was just that it said those domains were already validated, so it didn't need to check them.
Yup I posted the results in this thread:
I am going to build up a server by hand and eliminate all this Virtualmin mumbo jumbo. I will be back in a day or so to try again, or at least report it as working finally. I like to be a little more hands on than fumbling around with a GUI…
It keeps overwriting my postfix configs and hosing it.