Should I use 1 cert or many for multiple domains in 1 host


#1

Hello, first of all thank you so much for the effort on this service; it’s really helpful. Now I have a question for which I already tried to find the answer by searching, with no results :frowning:

I currently have 1 VPS server in which I have 3 domains, and some of them have subdomains. The problem is that I’m not sure if I should be issuing 1 certificate and just add all the domains, or if I have to issue 1 certificate for each domain.

I found this command, so I’m not sure if I should use it for just one domain and its subdomains like this:
certbot -d mydomain.com,www.mydomain.com --expand

or using it for all the domains and subdomains like this:
certbot -d mydomain.com,www.mydomain.com,anotherdomain.com,www.anotherdomain.com --expand

Again, thanks for the help!


#2

Hi @novalys,

You have a choice about how to organize your certificates. Either one certificate or many certificates will be potentially valid.

One thing you should know is that each time you run Certbot with a certificate-issuance command, it will attempt to obtain one certificate covering the domains that you select. If you do want to expand an existing certificate by reissuing it with more names, you need to include all of the names that should appear in the new certificate via the -d option. If you only include some of them, you will get a certificate covering only the ones that you indicated, and it may not replace the existing certificate.

Using only one certificate containing all of your names may be helpful in terms of reducing your risk of running into Let’s Encrypt rate limits (because it causes fewer total certificate issuances). However, it could also be inconvenient if you may need to stop using any of the names in the future, or if you otherwise expect to have to change the name coverage frequently, or if you’re thinking of reorganizing your web services in the future by splitting them across multiple servers.
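
The following is an added example, not part of the original thread and not Certbot's own code. It checks a planned `-d` list against the names already in a certificate, so that a reissue does not silently drop a name. The function names are hypothetical, and the sample text is constructed to follow the `Certificate Name:` / `Domains:` layout that `certbot certificates` prints.

```shell
#!/bin/sh
# Constructed sample of `certbot certificates` output (placeholder names).
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: mydomain.com
    Domains: mydomain.com www.mydomain.com
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 89 days)'

# Print the names on the "Domains:" line of one certificate, one per line.
# $1 = certificate name, stdin = output of `certbot certificates`
current_names() {
    awk -v cert="$1" '
        $1 == "Certificate" && $2 == "Name:" { in_cert = ($3 == cert) }
        in_cert && $1 == "Domains:" { for (i = 2; i <= NF; i++) print $i }'
}

# Print current names that are absent from the planned -d list; these are
# the names a reissue with only that list would no longer cover.
# $1 = current names (newline separated), $2 = planned names (comma separated)
missing_names() {
    planned=$(printf '%s' "$2" | tr ',' '\n' | tr 'A-Z' 'a-z')
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | while IFS= read -r name; do
        [ -n "$name" ] || continue
        # -x and -F: whole-line, literal match, so "." is not a wildcard
        printf '%s\n' "$planned" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# Build the complete -d value: current names first, then new ones, de-duplicated.
# $1 = current names (newline separated), $2 = new names (comma separated)
full_name_list() {
    { printf '%s\n' "$1"; printf '%s' "$2" | tr ',' '\n'; echo; } |
        tr 'A-Z' 'a-z' | awk 'NF && !seen[$0]++' | paste -sd, -
}

# Demonstration on the constructed sample; nothing is issued, only printed.
cur=$(printf '%s\n' "$SAMPLE_OUTPUT" | current_names mydomain.com)
new="anotherdomain.com,www.anotherdomain.com"
echo "not covered if only new names are passed:" $(missing_names "$cur" "$new")
echo "certbot -d $(full_name_list "$cur" "$new") --expand"
```

On a real host, the input to `current_names` would be the output of `certbot certificates` instead of the sample.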


#3

Makes sense, thank you so much for your time.

