Koozali.org: home of the SME Server

Letsencrypt clarification

Offline calisun

« on: July 09, 2020, 07:39:26 AM »
Sorry for a dumb question, but I have searched and looked through the wiki with no luck.

I have a couple of domains that have used Letsencrypt for a couple of years now, and everything works great.

Now I need to add a couple more domains. My question is: when adding new domains, do I also need to list the existing domains as well, or just list the new domains?

For example:

Existing domains:
domain1.com
domain2.com

So should I just do:
db domains setprop domain3.com  letsencryptSSLcert enabled
db hosts setprop www.domain3.com letsencryptSSLcert enabled
db domains setprop domain4.com  letsencryptSSLcert enabled
db hosts setprop www.domain4.com letsencryptSSLcert enabled

Or do I need to re-list old domains as well?

db domains setprop domain1.com  letsencryptSSLcert enabled
db hosts setprop www.domain1.com letsencryptSSLcert enabled
db domains setprop domain2.com  letsencryptSSLcert enabled
db hosts setprop www.domain2.com letsencryptSSLcert enabled
db domains setprop domain3.com  letsencryptSSLcert enabled
db hosts setprop www.domain3.com letsencryptSSLcert enabled
db domains setprop domain4.com  letsencryptSSLcert enabled
db hosts setprop www.domain4.com letsencryptSSLcert enabled
SME user and community member since 2005.
Want to install Wordpress in iBay of SME Server?
See my step-by-step How-To wiki here:
http://wiki.contribs.org/Wordpress_Multisite

Offline ReetP

« Reply #1 on: July 09, 2020, 10:09:30 AM »
Can't add a key that is already there :-)

Just add your new ones and update with console-save and dehydrated -c -x (check wiki)

But make sure you are using API 2. Old certs under API 1 can be renewed but new ones will not be issued.

Also, set test mode again to check unless you are absolutely sure the domains/hosts are resolvable.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline calisun

« Reply #2 on: July 12, 2020, 12:15:44 AM »
Thank you,

I have another question: is it possible for the certificate not to list all domains on one certificate?

When looking at the certificate I see:

Subject Name ---------------------
Common Name MyCompanyURL.com

Subject Alt Names -----------------
DNS Name   domain1.com
DNS Name   domain2.com
DNS Name   domain3.com
DNS Name   domain4.com

And the above information shows even if I did not go to "MyCompanyURL.com". I went to "domain1.com", but it still shows "MyCompanyURL.com" and all the other domains on one certificate.

Is it possible for each domain not to link to the other domains, but be its own certificate holder?

« Last Edit: July 12, 2020, 12:39:03 AM by calisun »

Offline ReetP

« Reply #3 on: July 12, 2020, 07:58:28 PM »
Simple answer is yes.

But.....

You're going to have to write a load of code yourself.

First, list each domain and its hosts per line in domains.txt

That will get you 'per domain' certificates.

Now you just have to deploy them per domain via apache..... which is where your fun will start.

We may be doing this in v10 (if we have time and help), but on v9 we just did KISS.

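Added example, not part of the thread and not code from the SME Server contrib: a sketch of the "one line per domain" domains.txt layout described in Reply #3, plus a check that no line mixes in names from another domain. The function names and the domain/host lists are constructed for illustration; where domains.txt lives on a given install, and how the certificates are then wired into Apache, are not covered here.

```shell
#!/bin/sh
# Added example. Domain and host names below are constructed placeholders.

# owner_of <host> "<domains>": print the longest listed domain that <host>
# is a subdomain of (empty if none).
owner_of() {
    best=
    for cand in $2; do
        case $1 in
            *".$cand") [ ${#cand} -gt ${#best} ] && best=$cand ;;
        esac
    done
    printf '%s' "$best"
}

# build_domains_txt "<domains>" "<hosts>": print one line per domain, the
# domain first and then its own hosts. Each line is one certificate.
# Hosts that sit under no listed domain are left out.
build_domains_txt() {
    for d in $1; do
        line=$d
        for h in $2; do
            [ "$(owner_of "$h" "$1")" = "$d" ] && line="$line $h"
        done
        printf '%s\n' "$line"
    done
}

# stray_names: read domains.txt lines on stdin and print every name that is
# not under the first name of its line, i.e. a name that would appear as a
# SAN on another domain's certificate.
stray_names() {
    while read -r primary rest; do
        for n in $rest; do
            case $n in
                *".$primary") ;;
                *) printf '%s\n' "$n" ;;
            esac
        done
    done
}

DOMAINS="domain1.com domain2.com domain3.com domain4.com"
HOSTS="www.domain1.com www.domain2.com www.domain3.com www.domain4.com"
build_domains_txt "$DOMAINS" "$HOSTS"
```

Piping an existing domains.txt through `stray_names` prints nothing when every certificate line is confined to a single domain.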

Offline calisun

« Reply #4 on: July 12, 2020, 11:15:57 PM »
Thank you ReetP.

I did some digging around and found this. Is this pointing me in the right direction?

https://www.digicert.com/kb/ssl-support/apache-multiple-ssl-certificates-using-sni.htm

Offline ReetP

« Reply #5 on: July 12, 2020, 11:24:02 PM »
Probably.

It will likely change with v10 (apache + php fpm etc) so I wouldn't waste too much time on it.

We're too busy trying to get v10 out to worry about development on v9 so you're on your own here I'm afraid.

I'd focus your efforts on helping with v10.