What you need is a single certificate for all the domains/subdomains.
If you only need the certificate for subdomains (i.e. you’ll never do domain mapping), then you can request a wildcard certificate for the primary domain. This way, you don’t need to do anything if you add new subdomains. But you may have to authenticate via DNS, depending on your certbot setup.
On the other hand, if you’ll use domain mapping, then simply put all your domains (and subdomains) into the SAN field of the same, single certificate. You can easily add multiple domains in a single certbot request like:
certbot --apache -d example.com -d www.example.com -d sub1.example.com -d www.example.org
(You can have up to 100 domains/subdomains in a Let’s Encrypt cert, i.e. one “subject” domain and 99 “alternative” domains)
So I guess I need to create a vhost for se.tld.com.
No, you don’t.
Thread Starter
drgued
(@drgued)
Thanks for your time George!
I’ve retried this and I get this error:
certbot --apache -d example.no -d www.example.no -d se.example.no -d www.se.example.no -d example.se -d www.example.se
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/example.se.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
We were unable to find a vhost with a ServerName or Address of se.example.no.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: 000-default.conf | Multiple Names | | Enabled
2: 000-default-le-ssl.conf | Multiple Names | HTTPS | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
We were unable to find a vhost with a ServerName or Address of www.se.example.no.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: 000-default.conf | Multiple Names | | Enabled
2: 000-default-le-ssl.conf | Multiple Names | HTTPS | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
The selected vhost would conflict with other HTTPS VirtualHosts within Apache. Please select another vhost or add ServerNames to your configuration.
VirtualHost not able to be selected.
IMPORTANT NOTES:
- Unable to install the certificate
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.se/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.se/privkey.pem
Your cert will expire on 2021-08-23. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
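The "We were unable to find a vhost with a ServerName or Address of ..." prompts in the output above are raised for requested names that no vhost declares. The following is an added example, not part of the thread and not certbot's own code: a shell check that lists which requested -d names are not covered by any ServerName/ServerAlias line. The vhost file contents are constructed for illustration, the function names vhost_names and uncovered_names are hypothetical, and treating a wildcard alias as a shell glob is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: report requested certificate names that no ServerName or
# ServerAlias in an Apache vhost file covers. All sample data is constructed.

# Print every ServerName/ServerAlias value, lowercased, one per line.
vhost_names() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        tolower($1) == "servername" || tolower($1) == "serveralias" {
            for (i = 2; i <= NF; i++) {
                v = tolower($i)
                sub(/^[a-z]+:\/\//, "", v)       # optional scheme
                sub(/:[0-9]+$/, "", v)           # optional port
                print v
            }
        }' "$@"
}

# uncovered_names CONF DOMAIN... : print the domains with no matching name.
uncovered_names() {
    vconf=$1; shift
    names=$(vhost_names "$vconf")
    for d in "$@"; do
        d=$(printf '%s' "$d" | tr 'A-Z' 'a-z')
        hit=no
        while IFS= read -r n; do
            # Unquoted $n: an alias such as *.example.no is matched as a glob.
            case $d in $n) hit=yes; break ;; esac
        done <<EOF
$names
EOF
        [ "$hit" = yes ] || printf '%s\n' "$d"
    done
}

# Constructed vhost file: the mapped names are listed, the se. subdomain is not.
conf=$(mktemp)
cat > "$conf" <<'EOF'
<VirtualHost *:443>
    ServerName example.no
    ServerAlias www.example.no example.se www.example.se
</VirtualHost>
EOF

uncovered_names "$conf" example.no www.example.no se.example.no \
    www.se.example.no example.se www.example.se
```

With the constructed file, the two names printed are the same two that certbot prompted for; adding them to the ServerAlias line of the existing HTTPS vhost is what the "add ServerNames to your configuration" message asks for.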