dietpi-letsencrypt multiple domains

Hi :slight_smile:

Is it possible to make dietpi-letsencrypt create certificates for multiple domains? I have set up a certificate for a domain that points to /var/www but say I also wanted one for a domain that points to /var/www/website is there any way to do this?

Thanks,

Tin

Edit: This is on apache2

> Is it possible to make dietpi-letsencrypt create certificates for multiple domains?

Hi Tin,

Unfortunately, not at the moment.
The program is designed to assign the cert to the default webserver directory (/var/www) and config. It does not support multiple/custom sites or configurations at this time.

Not sure if it's helpful, but here is the current source code for creating the Apache2 cert: DietPi/dietpi/dietpi-letsencrypt at master · Fourdee/DietPi · GitHub

Hi Fourdee,

That is helpful, thanks! So basically that involves making a vhost entry then running certbot-auto with some parameters? Out of interest what do these do?

 --duplicate --agree-tos $cli_redirect

Is there any plan to add this functionality to dietpi-letsencrypt in the future? I only ask because it's really nice having it automated for you and have it setting up a cron job as well, especially if you're looking to host multiple websites. I might have a look at adding this if I get time.

Hi Tin,

It's not planned at the moment, but if you can create a ticket on GitHub, we can look into it: Pull requests · Fourdee/DietPi · GitHub. The main issue is we would need to support all 3 webservers for this, so initially a simple job, multiplied by 3 :slight_smile:

> --duplicate --agree-tos $cli_redirect

Duplicate means: If a cert already exists, overwrite it with this one.
Agree Tos means: I accept the terms and services of Certbot.
$cli_redirect: If this is enabled (--redirect), all http traffic will be forwarded to https

> So basically that involves making a vhost entry then running certbot-auto with some parameters?

Not sure, if I'm honest.
I think certbot just sends a simple ping on port 80, out from your system, back to the base webserver (e.g. http://myweb.com). Once that's been accepted, certbot-auto will continue setting up the cert.

I'm also not sure if certbot-auto works with subdomains. A good example is users trying to use http://mywebsite.noip.org. Regardless of the subdomain, Certbot only allows 5 certs per month (from my testing a while back). So Free NoIp users cannot set up a cert.

Yeah, not an easy task now that I think about it :frowning: Though still feel it could be really useful to a lot of people and thus, something worth implementing, maybe I'm wrong though.

I tested running certbot-auto with subdomains and it works fine as far as I can tell, that cap is now 5 per week I believe.

Edit: I'm not sure, but this might come in handy here: User Guide — Certbot 2.7.0.dev0 documentation

Hi,

I also had the requirement to encrypt multiple subdomains/vhosts so I just grabbed the relevant sections from Fourdee's code into a script and hardcoded my subdomains (I'm using lighttpd) and it works perfectly:

```bash
#!/bin/bash
# scoindy’s_domainN.net are the poster's placeholders; substitute the real domains.
# certbot names the live/ directory after the first -d domain.
LETSENCRYPT_DOMAIN="scoindy’s_domain1.net"

# Request one certificate that covers all three domains (one -d per name)
/etc/certbot_scripts/certbot-auto certonly --standalone --duplicate --agree-tos --redirect --rsa-key-size 2048 --email admin@scoindy’s_domain1.net -d scoindy’s_domain1.net -d scoindy’s_domain2.net -d scoindy’s_domain3.net

# Create combined key
cd /etc/letsencrypt/live/"$LETSENCRYPT_DOMAIN" || exit 1
cat privkey.pem cert.pem > combined.pem

# Quoted 'EOF' stops the shell from expanding $SERVER inside the heredoc
cat << 'EOF' >| /etc/lighttpd/conf-enabled/letsencrypt.conf
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/letsencrypt/live/scoindy’s_domain1.net/combined.pem"
ssl.ca-file = "/etc/letsencrypt/live/scoindy’s_domain1.net/fullchain.pem"
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
ssl.honor-cipher-order = "enable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
EOF
```

@Fourdee I just came across this distro yesterday when I decided to build a nextcloud server and it's seriously impressive. I'm not sure what the contribution policy is but I just forked your repo and am happy to add support for multiple domains for all the webservers.

By all means, we need contributors for DietPi :slight_smile:

If you work on the source code, make sure you're working on the current dev (testing) branch: https://github.com/Fourdee/DietPi/tree/testing

Hey Dan,

I thought I will not open a new thread for this. So I generated 2 certificates using letsencrypt.

1) xxxxxx.duckdns.org and 2) xxxxxx.online

I'm running lighttpd + letsencrypt.

Ever since I installed the last certificate (.online), my old domain (.duckdns) complains that the certificate is wrong because it's pointing at my .online domain. It states "Your connection to this website is not secure" in big letters. If I cannot have SSL for multiple domains, can I at least remove the SSL from my .duckdns domain? Is there a CertBot command or a lighttpd.conf entry that does that?

Thank you in advance.
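
The browser warning in the post above is a hostname mismatch: the certificate being served does not list the name that was requested. As an added example (not from the thread or from DietPi), this script checks a certificate file against a list of vhost names with `openssl x509 -checkhost`. The hostnames and the throwaway self-signed certificate are constructed stand-ins for `/etc/letsencrypt/live/<domain>/cert.pem`, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/bash
# Added example: list the hostnames a certificate does NOT cover.
# All names and paths below are constructed for the demo.

# cert_covers CERT_PEM HOSTNAME -> exit 0 if the cert is valid for HOSTNAME
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q 'does match certificate'
}

# uncovered_names CERT_PEM HOST... -> prints every host missing from the cert;
# returns non-zero if at least one host is missing.
uncovered_names() {
    local cert missing host
    cert=$1
    missing=0
    shift
    for host in "$@"; do
        if ! cert_covers "$cert" "$host"; then
            echo "$host"
            missing=1
        fi
    done
    return "$missing"
}

# make_demo_cert OUT_DIR SAN_LIST -> throwaway self-signed cert with the
# given subjectAltName entries (stand-in for a certbot-issued cert.pem)
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" \
        -subj "/CN=demo" -addext "subjectAltName=$2" 2>/dev/null
}

# Demo: a cert issued for two names, checked against three vhosts
demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir" "DNS:site1.example,DNS:site2.example"
uncovered_names "$demo_dir/cert.pem" site1.example site2.example site3.example \
    || echo "names listed above are not covered by this certificate"
rm -rf "$demo_dir"
```

Run against the real `cert.pem` with every hostname the web server answers for; any name it prints needs either another `-d` on the certbot command or its own certificate.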