Hey Everybody!
I have a bit of a unique situation, and could use some help.
For my web app, I have ~30 clients who all get their own branded version of the same website. They point a subdomain at my IP address, and we brand the site based on the incoming URL. I have already manually installed a Cert for each client, and that means that my default-ssl.conf file looks like this:
```
<VirtualHost $Internal_IP:443>
    ServerAdmin webmaster@localhost
    ServerName mainurl.com
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/mainurl.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mainurl.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/mainurl.com/chain.pem
</VirtualHost>

<VirtualHost $Internal_IP:443>
    ServerName subdomain.client1.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/subdomain.client1.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.client1.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/subdomain.client1.com/chain.pem
</VirtualHost>

<VirtualHost $Internal_IP:443>
    ServerName subdomain.client2.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/subdomain.client2.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.client2.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/subdomain.client2.com/chain.pem
</VirtualHost>
```
So when I run:
```
./letsencrypt-auto renew --dry-run --agree-tos
```
I get a lot of these errors:
```
WARNING:letsencrypt.cli: Attempting to renew cert from /etc/letsencrypt/renewal/subdomain.client1.com.conf produced an unexpected error: Failed to run Apache plugin non-interactively
Missing command line flag or config entry for this setting:
We were unable to find a vhost with a ServerName or Address of subdomain.client1.com.
Which virtual host would you like to choose?
Choices: [ 'test-conf.txt | subdomain.client22.com | HTTPS | ', 'apps.vhost | | | Enabled', '000-default.conf | | | Enabled', 'default-ssl.conf | subdomain.client20.com | HTTPS | Enabled', 'ispconfig.vhost | | HTTPS | Enabled', 'rtodev.com.vhost | Multiple Names | | Enabled']
(The best solution is to add ServerName or ServerAlias entries to the VirtualHost directives of your apache configuration files.). Skipping.
```
If I were doing this manually, I would choose default-ssl.conf. 2 problems:
- There is already a ServerName for every cert I’m trying to renew
- I would really like to not have to manually input the answer to this every time I have to renew a cert, but I cannot find the right flag. (Separate question, is there a list of flags for the le-auto script? Like a man page or something?)
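One way to check which names a multi-vhost file like the one in the post actually declares, as an added example that is not part of the original post and is not certbot's own matching logic. The sample config is constructed, and the renewal names are assumed to come from the file names under /etc/letsencrypt/renewal/.

```python
import re

# Constructed sample in the layout of the post's default-ssl.conf (not the real file).
SAMPLE_CONF = """\
<VirtualHost $Internal_IP:443>
    ServerName mainurl.com
    SSLCertificateFile /etc/letsencrypt/live/mainurl.com/cert.pem
</VirtualHost>
<VirtualHost $Internal_IP:443>
    ServerName subdomain.client1.com
    ServerAlias www.client1.com
    SSLCertificateFile /etc/letsencrypt/live/subdomain.client1.com/cert.pem
</VirtualHost>
<VirtualHost $Internal_IP:443>
    # ServerName subdomain.client2.com
    SSLCertificateFile /etc/letsencrypt/live/subdomain.client2.com/cert.pem
</VirtualHost>
"""

BLOCK_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: address, declared names, cert lineage."""
    vhosts = []
    for addr, body in BLOCK_RE.findall(conf_text):
        names, lineage = [], None
        for line in body.splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):  # blank or commented-out line
                continue
            key = parts[0].lower()
            if key in ("servername", "serveralias"):
                names += [n.lower() for n in parts[1:]]
            elif key == "sslcertificatefile" and len(parts) > 1:
                m = re.search(r"/live/([^/]+)/", parts[1])
                lineage = m.group(1) if m else None
        vhosts.append({"addr": addr.strip(), "names": names, "lineage": lineage})
    return vhosts

def unmatched(renewal_names, vhosts):
    """Renewal names that no vhost declares via ServerName or ServerAlias."""
    declared = {n for v in vhosts for n in v["names"]}
    return sorted(n for n in renewal_names if n.lower() not in declared)

def lineage_mismatches(vhosts):
    """Vhosts serving a certificate whose lineage is not one of their own names."""
    return [v for v in vhosts if v["lineage"] and v["lineage"] not in v["names"]]
```

Running `unmatched()` against every enabled config file shows which renewal names have no declaring vhost, and `lineage_mismatches()` flags a block that would present another hostname's certificate.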