Let's encrypt Multi certificate?

letsencrypt
v7

(Jonathan Dumont) #1

I know;
maybe it’s not the way
but I wonder if…

Is there a way to have multiple certificates generated by Let’s Encrypt?

I mean, I’m ready to do it via the CLI.
I just want separate certificates for different domains, like

/etc/letsencrypt/live/domain1
/etc/letsencrypt/live/domain2
/etc/letsencrypt/live/domain3


(Dan) #2

There isn’t a way to do this through the GUI. You could generate certs through the command line easily enough, but using them would be tricky. Why would you want to?


(Jonathan Dumont) #3

I must admit it’s purely aesthetic.
I just don’t like mixing different domains on the same certificate.

Maybe it’s a bad habit I developed by using certbot over Docker.


(Rob Bosch) #4

You could try to use a wildcard certificate. However, that would not cover multiple domains, but it would cover multiple subdomains. https://community.letsencrypt.org/t/wildcard-domain-step-by-step/58250

That would exactly be the biggest concern… But with https://community.letsencrypt.org/t/host-multiple-domains-with-a-single-certificate/20917 you can do it…


(Giacomo Sanchietti) #5

You don’t need it for this scenario.
All domains are added as SAN to the certificate, so you have one PEM to rule them all :wink:


(Bill) #6

This is kind of where I am stuck now. Nethserver generates the PEM, but how do I automatically copy it to my other virtual machines?


(Dan) #7

Depends a lot on the architecture of those VMs, but if they’re at all Unix-y, a simple script using a combination of scp and ssh should do the trick. You can see a couple of examples of how I did that here:
https://wiki.contribs.org/Letsencrypt#Obtaining_certificates_for_other_servers


(Giacomo Sanchietti) #8

Following Dan’s advice, @happnatious1, you can put your script inside the certificate-update event, which is called every time the certificate is created or renewed.


(Dan) #9

…or, if you’re creating separate certs for those other internal servers, you can call the script using the --post-hook (IIRC) flag to certbot.
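
The scp and ssh script suggested in posts #7 to #9, sketched as an added example that is not part of the thread and is not NethServer or certbot code. The remote directory, reload command and host names are assumptions; `RENEWED_LINEAGE` is the variable certbot sets for deploy hooks.

```shell
#!/bin/sh
# Added example: push a renewed certificate to other hosts with scp and ssh.
# Assumed, not from the thread: REMOTE_DIR, RELOAD_CMD and the host names.
# certbot sets RENEWED_LINEAGE for --deploy-hook scripts; otherwise fall back
# to a live directory like the ones named in post #1.
LIVE_DIR="${RENEWED_LINEAGE:-/etc/letsencrypt/live/domain1}"
REMOTE_DIR="${REMOTE_DIR:-/etc/ssl/letsencrypt}"
RELOAD_CMD="${RELOAD_CMD:-systemctl reload nginx}"
RUN="${RUN:-}"              # RUN=echo prints the commands instead of running them
SSH_OPTS="-o BatchMode=yes" # fail instead of prompting when run from a hook

push_cert() {
    host=$1
    # Refuse to deploy half a pair: both files must be readable locally.
    for f in fullchain.pem privkey.pem; do
        [ -r "$LIVE_DIR/$f" ] || { echo "missing $LIVE_DIR/$f" >&2; return 1; }
    done
    # Create the target directory owner-only before the private key arrives.
    $RUN ssh $SSH_OPTS "$host" "umask 077 && mkdir -p '$REMOTE_DIR'" || return 1
    # Copy under temporary names so the service never loads a partial file.
    for f in fullchain.pem privkey.pem; do
        $RUN scp -q $SSH_OPTS "$LIVE_DIR/$f" "$host:$REMOTE_DIR/$f.new" || return 1
    done
    # Lock down the key, swap both files into place, then reload the service.
    $RUN ssh $SSH_OPTS "$host" "cd '$REMOTE_DIR' && chmod 600 privkey.pem.new \
&& mv fullchain.pem.new fullchain.pem && mv privkey.pem.new privkey.pem \
&& $RELOAD_CMD" || return 1
}

deploy_all() {
    status=0
    for host in "$@"; do
        push_cert "$host" || { echo "deploy to $host failed" >&2; status=1; }
    done
    return "$status"
}

# Hosts come from the command line, e.g. (constructed names):
#   RUN=echo sh push-cert.sh web1.example.net mail.example.net
deploy_all "$@"
```

Running it with `RUN=echo` first shows exactly which files and commands would reach each host before any private key leaves the machine.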


(Bill) #10

After doing some reading online I’m leaning towards rsync. It sounds like nethserver can be an rsync server and my other servers can be rsync clients. Then maybe I can use it for other files as well.