Hi,
I have an already existing cert for 2 domains, done like this:
/root/bin/certbot-auto certonly --expand --email denis@example.net --webroot \
-w /home/example.net/htdocs/www -d www.example.net \
-w /home/example.net/htdocs/doli/htdocs -d doli.example.net
And then I have
:/etc/letsencrypt# cat renewal/www.example.net.conf
# renew_before_expiry = 30 days
version = 0.9.3
cert = /etc/letsencrypt/live/www.example.net/cert.pem
privkey = /etc/letsencrypt/live/www.example.net/privkey.pem
chain = /etc/letsencrypt/live/www.example.net/chain.pem
fullchain = /etc/letsencrypt/live/www.example.net/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = 89978d42325c7f16202ae7bf722c8064
authenticator = webroot
installer = None
webroot_path = /home/example.net/htdocs/www, /home/example.net/htdocs/dolibarr/htdocs
[[webroot_map]]
www.gsill.net = /home/example.net/htdocs/www
doli.gsill.net = /home/example.net/htdocs/dolibarr/htdocs
Seems OK, but then I try to expand the actual cert with one server, doing:
/root/bin/certbot-auto certonly --expand --email denis@example.net --webroot \
-w /home/example.net/htdocs/www -d www.example.net \
-w /home/example.net/htdocs/piwik -d piwik.example.net
But: it takes a second cert with
:/etc/letsencrypt# cat renewal/www.example.net-0002.conf
# renew_before_expiry = 30 days
version = 0.9.3
cert = /etc/letsencrypt/live/www.example.net-0002/cert.pem
privkey = /etc/letsencrypt/live/www.example.net-0002/privkey.pem
chain = /etc/letsencrypt/live/www.example.net-0002/chain.pem
fullchain = /etc/letsencrypt/live/www.example.net-0002/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = webroot
installer = None
account = 89978d42325c7f16202ae7bf722c8064
webroot_path = /home/example.net/htdocs/www, /home/example.net/htdocs/piwik
[[webroot_map]]
piwik.gsill.net = /home/example.net/htdocs/piwik
www.gsill.net = /home/example.net/htdocs/www
The only way to expand (with my method) an existing cert is to add ALL servers on the command line:
/root/bin/certbot-auto certonly --expand --email denis@example.net --webroot \
-w /home/example.net/htdocs/www -d www.example.net \
-w /home/example.net/htdocs/doli/htdocs -d doli.example.net \
-w /home/example.net/htdocs/piwik -d piwik.example.net
With this instruction certbot really expands www.example.net.conf and does not create a new cert.
The user guide seems to show we can add only one server on the command line:
--expand If an existing cert covers some subset of the requested names, always expand and replace it with the additional names. (default: False)
An error from me? The doc? Or a bug in certbot?
Thanks a lot.
PS: unsure about the category: seems related to certbot, not really help?
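The behaviour the post runs into is that `--expand` only replaces a lineage whose names are a subset of the names on the command line, so a command that lists just one of the old names plus a new one is treated as a request for a different certificate and gets a new `-0002` lineage. One way to avoid retyping every name is to rebuild the full `-w`/`-d` list from the `[[webroot_map]]` section of the existing renewal conf and append the new name. The script below is an added example, not code from the post or from certbot; the renewal conf text is a constructed sample modelled on the one shown above, and the `piwik.example.net` name and webroot are hypothetical.

```shell
#!/bin/sh
# Added example: build a "certbot certonly --expand" command that carries every
# name already in a lineage plus one new name, by parsing the [[webroot_map]]
# section of that lineage's renewal conf. Not certbot's own code.

# Constructed sample renewal conf (same layout as the post's www.example.net.conf).
SAMPLE_CONF="$(cat <<'EOF'
version = 0.9.3
cert = /etc/letsencrypt/live/www.example.net/cert.pem
[renewalparams]
authenticator = webroot
webroot_path = /home/example.net/htdocs/www, /home/example.net/htdocs/doli/htdocs
[[webroot_map]]
www.example.net = /home/example.net/htdocs/www
doli.example.net = /home/example.net/htdocs/doli/htdocs
EOF
)"

# existing_webroot_args CONF_TEXT
# Prints one "-w <webroot> -d <name>" pair per line for every entry under
# [[webroot_map]]; entries in other sections (e.g. [renewalparams]) are ignored.
existing_webroot_args() {
    printf '%s\n' "$1" | awk '
        /^\[\[webroot_map\]\]/ { in_map = 1; next }   # enter the map section
        /^\[/                  { in_map = 0 }         # any other section header ends it
        in_map && /=/ {
            split($0, kv, "[ \t]*=[ \t]*")            # "name = path"
            printf "-w %s -d %s\n", kv[2], kv[1]
        }'
}

# domain_in_lineage CONF_TEXT NAME -> exit 0 if NAME is already covered.
# Useful as a guard: a name already in the lineage is a renewal, not an expansion.
domain_in_lineage() {
    existing_webroot_args "$1" | awk -v d="$2" '$4 == d { found = 1 } END { exit !found }'
}

# build_expand_cmd CONF_TEXT NEW_NAME NEW_WEBROOT
# Prints a single certbot command line listing ALL existing names plus the new one,
# which is what makes --expand replace the lineage instead of creating "-0002".
build_expand_cmd() {
    conf="$1"; new_name="$2"; new_root="$3"
    args=$(existing_webroot_args "$conf" | tr '\n' ' ')
    printf 'certbot certonly --expand --webroot %s-w %s -d %s\n' "$args" "$new_root" "$new_name"
}

# Hypothetical new host being added to the sample lineage.
build_expand_cmd "$SAMPLE_CONF" piwik.example.net /home/example.net/htdocs/piwik
```

Run the script to print the command, then execute it once it looks right (add `--email` or other options you normally pass). Because the name list is derived from the renewal conf rather than typed by hand, the expanded request always stays a superset of the current lineage, which is the condition the `--expand` help text is describing.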