Renewing an existing certificate for arabamibul.net and 23 more domains

Hello,
I am having trouble renewing a multidomain 1-level wildcard for 12 domains.
(Maybe this is a Certbot question.)
When certbot starts, everything goes well, but it is not asking for 24, only 15 DNS TXT edits.
Then it fails (propagation time may not be enough, it's OK) but

Question is: should certbot ask for 24, or is 15 fine to update the cert?

The certbot certificates command result is below:


Found the following certs:
Certificate Name: internetebak.com
Serial Number: 3de6302d2760845d86105c16b7d10daxxxx
Key Type: ECDSA
Domains: arabamibul.net *.arabamibul.net *.ariyoruz.net *.bakiyoruz.net *.bulonline.com *.dogaldukkan.net *.evarkadasiara.net *.internetebak.com *.kiraciara.com *.kiraciara.net *.kiralikbul.net *.temizikinciel.net *.yemekkultur.com ariyoruz.net bakiyoruz.net bulonline.com dogaldukkan.net evarkadasiara.net internetebak.com kiraciara.com kiraciara.net kiralikbul.net temizikinciel.net yemekkultur.com
Expiry Date: 2024-11-28 10:17:48+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/internetebak.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/internetebak.com/privkey.pem


I ran this command:

certbot certonly --manual --email kanpinar@gmail.com --preferred-challenges=dns --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d arabamibul.net -d *.arabamibul.net -d ariyoruz.net -d *.ariyoruz.net -d bakiyoruz.net -d *.bakiyoruz.net -d bulonline.com -d *.bulonline.com -d dogaldukkan.net -d *.dogaldukkan.net -d evarkadasiara.net -d *.evarkadasiara.net -d internetebak.com -d *.internetebak.com -d kiraciara.com -d *.kiraciara.com -d kiraciara.net -d *.kiraciara.net -d kiralikbul.net -d *.kiralikbul.net -d temizikinciel.net -d *.temizikinciel.net -d yemekkultur.com -d *.yemekkultur.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for arabamibul.net and 23 more domains

My web server is (include version):
Nginx .Net Core

The operating system my web server runs on is (include version):
Debian 12

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): ssh

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

I count 24 hostnames, so yes, Certbot should ask for 24.

Perhaps in the past there were some already valid authorizations cached and thus weren't necessary at that time. However, these cached valid authz are only cached for 30 days currently I believe.

So when nothing is cached any longer, all hostnames require a new challenge.

The second time I tried, it asked for only 15...
Do you have any idea? What's going wrong with the process...

Then 9 of the previous hostnames were probably satisfied already in most likely a recent previous run.

I don't know, I have yet to see an error message.

Manually performing the challenge isn't recommended anyway.

4 Likes

Perfect...
"previous hostnames were probably satisfied already" satisfy, I guess...
Let's wait longer, patiently, for propagation...
Thanks a lot. Learned some today. Thanks to @Osiris

I just want to reiterate this. Having 24 domain names on one certificate, with manual authentication, is likely the hardest and most convoluted method of accomplishing whatever you're actually needing to accomplish.

5 Likes


I could complete 1 cert for 12 domains with one-level subdomains for all successfully.
Problem was: TXT check failed.
Result: when updating, certbot is not checking all,
and it eliminates the check for the ones that succeeded.

If you do the update before 90 days, it will possibly be much easier and less painful.

Checking the TXT record using dig with @8.8.8.8 as a double check made it easier.
DNS is returning random info from the DNS tree... to be sure, waiting a bit more is better.

Thanks again.

When I earn some, the first dime will go to Let's Encrypt! Regards

You should have seen me in 2003 while "eating" SUSE Linux books in two days
DHCP SDNS Oracle Nagios SNMP etc. etc. :joy: ...
An old fellow, after a 9-year development story for my own job, trying to save a few bucks.

In short, splitting by domain by server name in nginx, with certs in their own files, may be better.
Got it. :love_you_gesture:

regards.

1 Like
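The counting and the dig double check discussed in this thread, as an added example that is not part of any post: it groups the requested names by the TXT record each DNS-01 challenge uses (a wildcard and its base name share one `_acme-challenge` record, so that record must hold both values at once), skips names whose authorization is still valid, and compares `dig +short TXT` output with the values Certbot displayed. The function names are hypothetical and the TXT values are constructed placeholders.

```python
import shlex
from collections import defaultdict

def challenge_record(identifier):
    """DNS-01 record name; the '*.' of a wildcard is stripped (RFC 8555)."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name

def plan(requested, already_valid=()):
    """Map TXT record name -> identifiers that still need a challenge."""
    skip = {i.lower() for i in already_valid}
    todo = defaultdict(list)
    for ident in requested:
        if ident.lower() not in skip:
            todo[challenge_record(ident)].append(ident)
    return dict(todo)

def parse_dig_short(output):
    """Parse `dig +short TXT <record> @8.8.8.8` output into a set of values."""
    values = set()
    for line in output.splitlines():
        if line.strip():
            # dig quotes each TXT string; multi-string records are concatenated
            values.add("".join(shlex.split(line)))
    return values

def missing_values(expected, dig_output):
    """TXT values Certbot asked for that the resolver does not return yet."""
    return set(expected) - parse_dig_short(dig_output)

if __name__ == "__main__":
    # Base names taken from the thread's certificate
    bases = ("arabamibul.net ariyoruz.net bakiyoruz.net bulonline.com "
             "dogaldukkan.net evarkadasiara.net internetebak.com kiraciara.com "
             "kiraciara.net kiralikbul.net temizikinciel.net yemekkultur.com").split()
    requested = [n for b in bases for n in (b, "*." + b)]
    todo = plan(requested)
    print(len(requested), "identifiers ->", len(todo), "TXT record names")
    for record, idents in todo.items():
        print(f"dig +short TXT {record} @8.8.8.8   # expect {len(idents)} value(s)")
    # Constructed dig output: only one of the two required values is visible
    seen = '"CONSTRUCTED-VALUE-A"\n'
    print(missing_values({"CONSTRUCTED-VALUE-A", "CONSTRUCTED-VALUE-B"}, seen))
```

Continue in Certbot only once `missing_values` returns an empty set for every record.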