
Letsencrypt multiple top level domains in a single webroot

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Kintaro, Nov 13, 2018.

  1. Kintaro

    Kintaro Member

    I have a single script (prestashop) with multishop feature active.

    the two domains are:
    domain1.com
    domain2.com

    so not subdomain1.domain1.com, subdomain2.domain1.com

    @eva2000 in your example I can see that acmetools can work only with one domain and multiple subdomains... right?

     
  2. eva2000

    eva2000 Administrator Staff Member

    No, you can substitute subdomain for any top level domain name you want.

    i.e. for newdomain.com and newdomain2.com would be
    Code (Text):
    -d newdomain.com -d www.newdomain.com -d newdomain2.com -d www.newdomain2.com
    


    I revised my reply in the previous thread, so I am posting it here again, as you can use acmetool.sh directly for a new vhost or need to use the manual method for existing, already created nginx vhosts.

    If you want all these 5 domains/subdomains on the same Letsencrypt SSL certificate, pointing to the same single script/site vhost at the /home/nginx/domains/domain.com/public web root:
    • domain.com
    • www.domain.com
    • sub1.domain.com
    • sub2.domain.com
    • sub3.domain.com
    If you have not yet created any of the 5 domains/nginx vhosts, you can use addons/acmetool.sh directly via SANS Multi-Domain SSL Certificates method.

    But if you already created domain.com (newdomain.com in the example below), then you would have to do it manually using the existing vhost guide, just with a minor change to step 4. So for step 4 of the existing vhost guide, instead of these 2 commands
    Code (Text):
    /root/.acme.sh/acme.sh --force --issue --days 60 -d newdomain.com -d www.newdomain.com -w /home/nginx/domains/newdomain.com/public -k 2048 --useragent centminmod-centos-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-newdomain.com.log --log-level 2
    /root/.acme.sh/acme.sh --installcert -d newdomain.com -d www.newdomain.com --certpath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.cer --keypath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.key --capath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-fullchain-acme.key
    

    where you have
    Code (Text):
    -d newdomain.com -d www.newdomain.com
    

    it would be changed to
    Code (Text):
    /root/.acme.sh/acme.sh --force --issue --days 60 -d newdomain.com -d www.newdomain.com -d sub1.newdomain.com -d sub2.newdomain.com -d sub3.newdomain.com -w /home/nginx/domains/newdomain.com/public -k 2048 --useragent centminmod-centos-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-newdomain.com.log --log-level 2
    /root/.acme.sh/acme.sh --installcert -d newdomain.com -d www.newdomain.com -d sub1.newdomain.com -d sub2.newdomain.com -d sub3.newdomain.com --certpath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.cer --keypath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.key --capath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-fullchain-acme.key
    

    so pass all the domains you want on your letsencrypt ssl certificate
    Code (Text):
    -d newdomain.com -d www.newdomain.com -d sub1.newdomain.com -d sub2.newdomain.com -d sub3.newdomain.com
    

    Note all domains have to have DNS with A records pointing to server IP first and nginx vhost server_name directive has to list them all first too i.e.
    Code (Text):
    server {
      listen 443 ssl http2;
      server_name newdomain.com www.newdomain.com sub1.newdomain.com sub2.newdomain.com sub3.newdomain.com;
      # ... rest of the existing vhost config unchanged ...
    }
    

    Note all domains/subdomains listed in the server_name directive need to be used exclusively in the same single nginx vhost site and not have been created anywhere else on the server, i.e. additional/separate nginx vhosts created via centmin.sh menu option 2/22/nv cmd should NOT have the same domain/subdomain names.

    If you have existing /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf and/or /usr/local/nginx/conf/conf.d/newdomain.com.conf nginx vhosts, back those up as the contents may be changed by the letsencrypt ssl cert process done during setup.

    You may want to start your own dedicated thread for your question in this forum at Domains, DNS, Email & SSL Certificates to discuss further.
     
  3. Kintaro

    Kintaro Member

    What you call newdomain.com is the already existing domain, right?

    Plus I need to set the webroot to the existing domain/vhost, right?

    Code:
    /root/.acme.sh/acme.sh --force --issue --days 60 -d existingdomain.com -d www.existingdomain.com -d newdomain.com -d www.newdomain.com -w /home/nginx/domains/existingdomain.com/public -k 2048 --useragent centminmod-centos-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-newdomain.com.log --log-level 2

    Does it change anything if existingdomain.com already has a Let's Encrypt cert correctly installed?

    P.S. How about making code bbcode with a black background by default?
     
  4. eva2000

    eva2000 Administrator Staff Member

    yes and yes

    yup

    thought about it but decided against it
     
  5. Kintaro

    Kintaro Member

    Another thing: as I have already correctly issued the certificate for existingdomain.com, do I need to redo all the steps, or can I do:
    • "modified" step 4 (adding -d newdomain.com and -d www.newdomain.com)
    • avoid step 5
    • and do step 6 to only add newdomain.com to the existing vhost config like:
    Code (Text):
    server_name existingdomain.com www.existingdomain.com newdomain.com www.newdomain.com;
     
  6. eva2000

    eva2000 Administrator Staff Member

    You need to do the server_name modification BEFORE doing the modified step 4, otherwise letsencrypt domain validation will fail when it checks for the 2nd domain.
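
The ordering requirement in the reply above can be checked mechanically before running the modified step 4. The following is an added example, not code from the thread or from Centmin Mod: the function names are hypothetical, the vhost file is a constructed sample, and matching is exact-name only (no wildcard or regex server_name entries).

```shell
#!/usr/bin/env bash
# Added example (not from the thread): preflight for the modified step 4.
# Function names are hypothetical; exact-match only (no wildcard/regex server_name).

# List every name in the server_name directives of an nginx vhost file.
server_names() {
  sed 's/#.*//' "$1" | tr '\n' ' ' | tr ';' '\n' |
    awk '{ for (i = 1; i <= NF; i++) if ($i == "server_name") {
             for (j = i + 1; j <= NF; j++) print tolower($j); break } }' | sort -u
}

# Print requested domains missing from server_name; exit status 1 if any.
missing_from_vhost() {
  conf=$1; shift; rc=0
  names=$(server_names "$conf")
  for d in "$@"; do
    if ! printf '%s\n' "$names" | grep -Fxq -- "$(printf '%s' "$d" | tr 'A-Z' 'a-z')"; then
      printf '%s\n' "$d"; rc=1
    fi
  done
  return "$rc"
}

# Turn a domain list into the repeated -d arguments acme.sh expects.
d_args() {
  out=
  for d in "$@"; do out="$out -d $d"; done
  printf '%s\n' "${out# }"
}

# Constructed sample vhost: newdomain.com was added, www.newdomain.com forgotten.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
server {
  listen 443 ssl http2;
  # server_name old.example;   (commented out, must be ignored)
  server_name existingdomain.com www.existingdomain.com
              newdomain.com;
}
EOF

DOMAINS="existingdomain.com www.existingdomain.com newdomain.com www.newdomain.com"
# shellcheck disable=SC2086  # word splitting of $DOMAINS is intended
if MISSING=$(missing_from_vhost "$SAMPLE_CONF" $DOMAINS); then
  echo "ok to issue with: $(d_args $DOMAINS)"
else
  echo "fix server_name first, missing: $MISSING"
fi
```

On a real server the first argument would be the vhost file under /usr/local/nginx/conf/conf.d/; a name reported as missing is one whose webroot validation would not reach this vhost.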
     
  7. Kintaro

    Kintaro Member

    Done! It's working (y)
     
  8. eva2000

    eva2000 Administrator Staff Member

    Glad to hear :)
     
  9. Peter Nehem

    Peter Nehem It hates everything I try to type here

    Great info, will have to check/try this out soon!