JOduMonT
(Jonathan Dumont)
July 3, 2018, 11:45am
1
I know;
maybe it’s not the way
but I wonder if…
there is a way to have multiple certificates generated by Let’s Encrypt?
I mean, I’m ready to do it via the CLI.
I just want separate certificates for different domains, like
/etc/letsencrypt/live/domain1
/etc/letsencrypt/live/domain2
/etc/letsencrypt/live/domain3
…
danb35
(Dan)
July 3, 2018, 1:00pm
2
There isn’t a way to do this through the GUI. You could generate certs through the command line easily enough, but using them would be tricky. Why would you want to?
JOduMonT
(Jonathan Dumont)
July 3, 2018, 1:18pm
3
I must admit it’s purely aesthetic.
I just don’t like mixing different domains on the same certificate.
Maybe it’s a bad habit I developed by using certbot over docker.
robb
(Rob Bosch)
July 3, 2018, 1:20pm
4
You could try to use a wildcard certificate. However, that would not cover multiple domains, but it would cover multiple subdomains. Wildcard Domain Step-By-Step - Help - Let's Encrypt Community Support
That would exactly be the biggest concern… But with Host multiple domains with a single certificate - Help - Let's Encrypt Community Support you can do it…
giacomo
(Giacomo Sanchietti)
July 3, 2018, 1:21pm
5
You don’t need it for this scenario.
All domains are added as SAN to the certificate, so you have one PEM to rule them all
This is kind of where I am stuck now. Nethserver generates the pem, but how do I automatically copy them to my other virtual machines?
danb35
(Dan)
July 3, 2018, 5:49pm
7
Depends a lot on the architecture of those VMs, but if they’re at all Unix-y, a simple script using a combination of scp and ssh should do the trick. You can see a couple of examples of how I did that here:
https://wiki.contribs.org/Letsencrypt#Obtaining_certificates_for_other_servers
giacomo
(Giacomo Sanchietti)
July 4, 2018, 6:51am
8
Following Dan’s advice, @happnatious1, you can put your script inside the certificate-update event, which is called every time the certificate is created or renewed.
danb35
(Dan)
July 4, 2018, 9:46am
9
…or, if you’re creating separate certs for those other internal servers, you can call the script using the --post-hook (IIRC) flag to certbot.
After doing some reading online I’m leaning towards rsync. It sounds like nethserver can be an rsync server and my other servers can be rsync clients. Then maybe I can use it for other files as well.
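The scp-and-ssh script suggested in the replies above, sketched as an added example that is not code from the thread, from NethServer or from the linked wiki. It skips hosts that already have the current certificate and keeps the private key unreadable to other users on the target. The function names, REMOTE_DIR, RELOAD_CMD, STATE_DIR and the user@host targets are assumptions, and key-based SSH login to each target is assumed to be set up already.

```shell
#!/bin/sh
# Added example (not from the thread): push a renewed certificate to other hosts.
# Assumed values, override via the environment:
REMOTE_DIR="${REMOTE_DIR:-/etc/ssl/letsencrypt}"    # assumed path on the targets
RELOAD_CMD="${RELOAD_CMD:-systemctl reload nginx}"  # assumed service on the targets
STATE_DIR="${STATE_DIR:-/var/lib/cert-push}"        # copy of what each host last got

# cert_changed LIVE_DIR TARGET: true if TARGET has not yet received this certificate.
cert_changed() {
    ! cmp -s "$1/fullchain.pem" "$STATE_DIR/$2.fullchain.pem" 2>/dev/null
}

# push_cert LIVE_DIR TARGET: TARGET is user@host with key-based SSH login set up.
# Returns 0 on success or when nothing changed, 1 on transfer failure, 2 on bad input.
push_cert() {
    live=$1 target=$2
    [ -r "$live/fullchain.pem" ] && [ -r "$live/privkey.pem" ] || return 2
    cert_changed "$live" "$target" || return 0
    # BatchMode makes an unattended hook fail instead of waiting at a prompt.
    # umask 077 makes a newly created directory private before the key arrives.
    ssh -o BatchMode=yes "$target" "umask 077 && mkdir -p '$REMOTE_DIR'" || return 1
    scp -q -o BatchMode=yes "$live/fullchain.pem" "$live/privkey.pem" \
        "$target:$REMOTE_DIR/" || return 1
    ssh -o BatchMode=yes "$target" \
        "chmod 600 '$REMOTE_DIR/privkey.pem' && $RELOAD_CMD" || return 1
    # Record the pushed certificate only after the remote reload succeeded,
    # so a failed push is retried on the next run.
    mkdir -p "$STATE_DIR" && cp "$live/fullchain.pem" "$STATE_DIR/$target.fullchain.pem"
}

# Script use: push-cert.sh LIVE_DIR user@host [user@host ...]
if [ "$#" -ge 2 ]; then
    dir=$1; shift; rc=0
    for t in "$@"; do
        push_cert "$dir" "$t" || { echo "push to $t failed" >&2; rc=1; }
    done
    exit "$rc"
fi
```

Called with the live directory and the target hosts as arguments, it can be run from the certificate-update event or from a certbot hook; a non-zero exit means at least one host did not get the new certificate.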