Hello,
we are planning for SSL for 100+ domains.
Can you help me with this? We would like to use Let's Encrypt to secure the 100+ domains with a single certificate. I have SSH access to my web servers and we are currently using all 100+ domains. Is it possible? If so, can you let us know the steps to do so?
(optional) We would like to use it with AWS Certificate Manager to maintain the certificates.
Please let me know ASAP.
Review other articles on this forum on how to deal with a large number of certificates.
Doing due diligence is something you should do before trying to use a technology.
If you have specific questions once you have a plan, people may be able to assist, but asking an open-ended question like "please do my thinking for me" doesn't really work.
Next suggested steps:
Review how Let’s Encrypt works
Make a plan of HOW YOU think you can go about getting what you need (with the server etc you have)
Ask any questions that you are stuck on
Try a small subset of what you are trying to do against the staging server
Andrei
Hello Andrei,
Thanks for the feedback. I am new to multi-domain stuff. I have gone through the documents and also implemented it.
But can you tell me:
- Can I request a single certificate and use it for 100+ domains?
- If yes, then for each new domain should I do the setup again, or just add the domain to some config file?
- Do you have an auto-renew setup, as I am using AWS Certificate Manager to import the certificate?
- With every new revoke, will the key change?
Thank you for your time and patience.
Hope to hear from you ASAP.
LE has a limit of 100 SANs in a single certificate. If you need to secure more than 100 domain names, you'll need more than one certificate.
- It is possible, but as is noted in several other topics, you are limited to 100 names on a single certificate. If you need more names, you'll need to request and manage multiple certificates.
- Due to rate limiting, you'll want to request a certificate with all the names at one time. Configuration details are up to the tool you use. For instance, with certbot you will specify multiple -d switches, one per domain.
- Some clients can handle renewal. Certbot, for example, can automatically renew an existing certificate when it’s about 3 weeks from expiring. I personally am not aware of anyone using AWS certificate manager, so you may need to develop your own solution.
- If you actively revoke a certificate, you should change the private key. A revocation is basically certifying that the key under the certificate has been compromised. If you mean renewal, it doesn’t need to change, but it’s a good idea to update the key for stronger security.
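As an added illustration of the two points above (the 100-SAN limit per certificate, and passing all names to certbot at once with one -d switch per name), here is a small POSIX shell script that is not part of this thread or of certbot itself. It reads a list of hostnames, de-duplicates it, splits it into groups of at most 100, and prints one certbot command per group, pointed at the staging environment as the earlier reply suggested. The hostnames under example.com are constructed sample data, and the webroot path /var/www/html and the group1, group2, ... certificate names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from the certbot project.
# Splits a hostname list into chunks of at most LIMIT names (Let's Encrypt
# allows 100 SANs per certificate) and prints one certbot command per chunk.

LIMIT=100

# build_certbot_cmds [LIMIT]
# Reads one hostname per line from stdin, drops blank lines and '#' comments,
# removes duplicates, and prints one 'certbot certonly' command per chunk.
# --staging targets the test CA, so nothing counts against production rate
# limits while the plan is being tried out. Webroot path is an assumption.
build_certbot_cmds() {
    limit="${1:-$LIMIT}"
    grep -v '^[[:space:]]*#' | sed '/^[[:space:]]*$/d' | sort -u |
    awk -v limit="$limit" '
        function emit(   i, cmd) {
            cmd = "certbot certonly --webroot -w /var/www/html --staging" \
                  " --cert-name group" (++group)
            for (i = 0; i < n; i++) cmd = cmd " -d " names[i]
            print cmd
        }
        {
            names[n++] = $1
            if (n == limit) { emit(); n = 0 }
        }
        END { if (n > 0) emit() }
    '
}

# Constructed sample input: 205 hostnames under a hypothetical example.com
# zone, plus one deliberate duplicate that the de-duplication step drops.
sample_domains() {
    i=1
    while [ "$i" -le 205 ]; do
        echo "host$i.example.com"
        i=$((i + 1))
    done
    echo "host1.example.com"
}

# Run with DEMO=1 to print the three commands (100 + 100 + 5 names).
if [ "${DEMO:-0}" = 1 ]; then
    sample_domains | build_certbot_cmds 100
fi
```

Each printed command is one certificate request; in practice you would keep the domain list in a file, feed it through build_certbot_cmds, and only drop --staging once the staging run succeeds. Every new hostname still has to be added to a group and that group's certificate re-requested, which is why keeping the list in one file and regenerating the commands is simpler than editing certbot invocations by hand.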
The only reason to revoke a certificate is because you believe the key has been compromised. So yes, in the case of revocation, you'd certainly create a new key. Otherwise, it's up to your client. certbot will, by default, create a new private key every time you renew the certificate.