Let's Encrypt multi certificate?

I know;
maybe it’s not the way
but I wonder if…

Is there a way to have multiple certificates generated by Let's Encrypt?

I mean, I'm ready to do it via the CLI.
I just want separate certificates for different domains, like:

/etc/letsencrypt/live/domain1
/etc/letsencrypt/live/domain2
/etc/letsencrypt/live/domain3

There isn’t a way to do this through the GUI. You could generate certs through the command line easily enough, but using them would be tricky. Why would you want to?

I must admit it's purely aesthetic.
I just don't like mixing different domains on the same certificate.

Maybe it's a bad habit I developed by using certbot over Docker.

You could try to use a wildcard certificate. However, that would not cover multiple domains, but it would cover multiple subdomains. See "Wildcard Domain Step-By-Step - Help - Let's Encrypt Community Support".

That would exactly be the biggest concern… But with "Host multiple domains with a single certificate - Help - Let's Encrypt Community Support" you can do it…

You don’t need it for this scenario.
All domains are added as SAN to the certificate, so you have one PEM to rule them all :wink:

This is kind of where I am stuck now. NethServer generates the PEM, but how do I automatically copy them to my other virtual machines?

Depends a lot on the architecture of those VMs, but if they’re at all Unix-y, a simple script using a combination of scp and ssh should do the trick. You can see a couple of examples of how I did that here:
https://wiki.contribs.org/Letsencrypt#Obtaining_certificates_for_other_servers


Following Dan's advice, @happnatious1, you can put your script inside the certificate-update event, which is called every time the certificate is created or renewed.

…or, if you’re creating separate certs for those other internal servers, you can call the script using the --post-hook (IIRC) flag to certbot.
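
The scp/ssh approach suggested in the replies above, sketched as an added example (not code from this thread or from the linked wiki): a function that a renewal hook could call to stage the certificate and private key on each host in a private temporary directory, move them into place, and reload the service. The host names, `REMOTE_DIR`, `RELOAD_CMD` and the `SSH`/`SCP` override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: push a renewed certificate and key to other hosts over SSH.
# REMOTE_DIR, RELOAD_CMD and the host names are hypothetical placeholders.

SSH=${SSH:-ssh}      # overridable so the function can be exercised with stubs
SCP=${SCP:-scp}
REMOTE_DIR=${REMOTE_DIR:-/etc/ssl/pushed}          # assumed; must exist remotely
RELOAD_CMD=${RELOAD_CMD:-systemctl reload nginx}   # assumed service

# push_cert LINEAGE_DIR HOST...
# Returns the number of hosts that failed (0 = all updated, 255 = bad input).
push_cert() {
    lineage=$1; shift
    failed=0
    for f in fullchain.pem privkey.pem; do
        [ -r "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 255; }
    done
    for host in "$@"; do
        # Stage in a mode-0700 temp dir, then move each file into place, so
        # the key is never world-readable and no file is seen half-written.
        if stage=$("$SSH" "$host" "umask 077 && mktemp -d '$REMOTE_DIR/.new.XXXXXX'") &&
           "$SCP" -q -p "$lineage/fullchain.pem" "$lineage/privkey.pem" "$host:$stage/" &&
           "$SSH" "$host" "chmod 600 '$stage/privkey.pem' &&
               mv -f '$stage/fullchain.pem' '$stage/privkey.pem' '$REMOTE_DIR/' &&
               rmdir '$stage' && $RELOAD_CMD"
        then
            echo "updated $host"
        else
            echo "FAILED $host" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Invoked with arguments (e.g. from a renewal hook):
#   push-cert.sh /etc/letsencrypt/live/domain1 web1.example web2.example
if [ $# -ge 2 ]; then
    push_cert "$@"
fi
```

Because this copies the private key, the SSH key used by the hook is best dedicated to this job and limited on the receiving hosts to what the script needs.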

After doing some reading online, I'm leaning towards rsync. It sounds like NethServer can be an rsync server and my other servers can be rsync clients. Then maybe I can use it for other files as well.
