SSL Certificate over 100 domains


#1

Hello

New member so apologies if this is in the wrong place. I have a client who has a Wordpress Multisite installation (www.companyname.co.uk). companyname.co.uk is the main domain and protected by a Lets Encrypt cert, he also over 160 townservice domain names (e.g. swindoneservicename.co.uk) which are mapped to the Wordpress multisite install. I’ve added the service domains to the Plesk control panel as domain aliases. All great, add the SSL cert to the aliases and all works fine. Only thing is, when i get to a certain amount, I get the following error:

Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-cert.
Details:
Type: urn:acme:error:malformed
Status: 400
Detail: Error creating new cert :: CSR contains more than 100 DNS names

I understand from doing a search for this that you can only have 100 names per certificate. Does anyone know how I can secure all the townservice.co.uk domain names using either 1 certificate or multiple certificate? I have installed a wildcard SSL cert from GeoTrust, but it only covers *.companyname.co.uk. The WP MS is setup as sub domains (town.companyname.co.uk).

Thanks in advanced for any assistance.
Justin


#2

Hi,

Are all domains (else than the main domain) are dedicated domains (not subdomains)?
e.g. a.com, b.com c.com?

Thank you


#3

Hi

Yes that is correct. In the setup of the WP MS I’m using the subdomain setup so townnameservice.co.uk is mapped to town.companyname.co.uk

Thanks
Justin


#4

Hi,

Unfortunately, you need to create two different certificates (instead of one) since Let’s Encrypt will only allow 100 domains / SANs per certificate.

If you have a lot of subdomains, you may want to combine them into a single certificate, up to a limit of 100 Names per Certificate . Combined with the above limit, that means you can issue certificates containing up to 5,000 unique subdomains per week. A certificate with multiple names is often called a SAN certificate, or sometimes a UCC certificate.

Ref: https://letsencrypt.org/docs/rate-limits/

Thank you


#5

Hi

Thanks for you reply. The issue then is, the Plesk server, when allocating a cert to the alias domains, doesn’t allow you to choose which cert to use. How do I generate 2 (or more) certs and configure them?

regards
Justin


#6

I’m not sure how does Plesk operates in this way…
Could you please try to issue one certificate with 100 / 50 domains first, then on the same screen request another one (with not covered domain name)?

Thank you


#7

How do I do that? Plesk only allows me to auto add a certificate (one) but I can add new certificates by entering the certificate data?