[GTALUG] SSL Certs for both web and email servers
John Sellens
jsellens at syonex.com
Tue Dec 1 03:34:06 EST 2020
On Tue, 2020/12/01 08:16:49AM +0200, ac via talk <talk at gtalug.org> wrote:
| > I have three domains and a small but invariant number of subdomains
| > that I want to encrypt - should I try to pull them all under one SSL
| > cert, or do one for each domain, or one for every subdomain? I don't
| > need a wildcard, but I would like something relatively painless if
| > possible.
|
| yes, in your case, and for painless and easy, just use the domain name
| and one cert. so, instead of mail.example.com and www.example.com
| - just use example.com.

I think that might cause client complaints in some cases.

I think letsencrypt now provides wildcard certifications, but you
can use multiple -d options when creating or updating a certificate e.g.

    certbot certonly \
        --non-interactive \
        --expand \
        --webroot \
        -w /var/www/html/letsencrypt \
        --cert-name www.example.com \
        -d example.com \
        -d mail.example.com \
        -d blog.example.com

And then the one certificate is valid for all those names.

Hope that helps - letsencrypt is really remarkably convenient.

John
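
Added example, not part of the original message: a simplified version of the name check a TLS client applies to a certificate's subjectAltName DNS entries (RFC 6125 style), run against the three names from the certbot command above. The function names and the three sample SAN lists are constructed for illustration.

```python
# Simplified client-side hostname matching against a certificate's SAN list.
# Assumption: only DNS names are considered, and a wildcard is honoured only
# as the whole left-most label, covering exactly one label.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # "*.example.com" never covers "example.com" or "a.b.example.com"
        return False
    if p[0] == "*":
        # refuse overly broad patterns such as "*.com"
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_covers(san_names, hostname) -> bool:
    """A certificate is acceptable if any SAN entry matches."""
    return any(name_matches(n, hostname) for n in san_names)


def uncovered(san_names, served_hosts):
    """Hostnames for which a client would report a name mismatch."""
    return [h for h in served_hosts if not cert_covers(san_names, h)]


# Constructed sample data: the hostnames from the certbot command above.
SERVED = ["example.com", "mail.example.com", "blog.example.com"]

BARE_ONLY = ["example.com"]                   # cert for the bare domain only
MULTI_SAN = ["example.com", "mail.example.com", "blog.example.com"]  # one -d per name
WILDCARD = ["*.example.com"]                  # wildcard without the bare domain

if __name__ == "__main__":
    for label, sans in [("bare domain only", BARE_ONLY),
                        ("multiple -d names", MULTI_SAN),
                        ("wildcard only", WILDCARD)]:
        print(f"{label:18} -> mismatches: {uncovered(sans, SERVED)}")
    # --cert-name is only certbot's local label for the certificate; a name
    # that is not passed with -d is not in the SAN list.
    print("www.example.com covered:", cert_covers(MULTI_SAN, "www.example.com"))
```

To see the names actually present on an issued certificate, `openssl x509 -noout -text -in <cert file>` lists them under "X509v3 Subject Alternative Name".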