I’ve been trying to find the answer to this question online, and I have a mixed understanding from some of the dialog that I’ve seen so far.
I have already been successful in deploying the Let’s Encrypt BETA across several servers in a 1-to-1 certificate-to-site capacity.
I’ve now hit the current “5 certs in 7 days” rate limit, and through my research, I’m wondering if my setup qualifies for a single SAN certificate, instead of multiple individual certs.
My setup is as follows:
I’ve read other articles and forums related to this topic such as:
- One issuer server for multiple servers
- Let’s Encrypt in manual mode
- subjectAltName (SAN)
- Two questions about 5 cert per domain rate limit
- Too many certificates already issued
… to name a few.
My main 3 questions are:
A) Is it possible to have ONE (1) “SAN” type certificate for (copied to) TWO (2) different servers that have the same “Top Level Domain” (with multiple sub-domains) shared between machines?
B) Will this be counted as only “1” unit, towards the Let’s Encrypt rate limit of “5 certs in 7 days”?
C) In the post “Using Let’s Encrypt in manual mode” (linked above), it mentions:
“…Note that each domain you submit must be accessible both from the internet and from the computer where the letsencrypt program is run…”
Even if all these URLs are accessible from the Internet, as they are on 2 different servers, when the letsencrypt program runs, will it allow for sub-domains NOT hosted on that particular server to be added to the SAN certificate?
Thanks, I appreciate the advice in advance…