Hi 
Is it possible to make dietpi-letsencrypt create certificates for multiple domains? I have set up a certificate for a domain that points to /var/www but say I also wanted one for a domain that points to /var/www/website is there any way to do this?
Thanks,
Tin
Edit: This is on apache2
> Is it possible to make dietpi-letsencrypt create certificates for multiple domains?
Hi Tin,
Unfortunately, not at the moment.
The program is designed to assign the cert to the default webserver directory (/var/www) and config. It does not support multiple/custom sites or configurations at this time.
Not sure if it's helpful, but here is the current source code for creating the Apache2 cert: DietPi/dietpi/dietpi-letsencrypt at master · Fourdee/DietPi · GitHub
Hi Fourdee,
That is helpful, thanks! So basically that involves making a vhost entry then running certbot-auto with some parameters? Out of interest what do these do?
--duplicate --agree-tos $cli_redirect
Is there any plan to add this functionality to dietpi-letsencrypt in the future? I only ask because it’s really nice having it automated for you and have it setting up a cron job as well, especially if you’re looking to host multiple websites. I might have a look at adding this if I get time.
Hi Tin,
It's not planned at the moment, but if you can create a ticket on Github, we can look into it: Pull requests · Fourdee/DietPi · GitHub. The main issue is we would need to support all 3 webservers for this, so initially a simple job, multiplied by 3
> --duplicate --agree-tos $cli_redirect
Duplicate means: If a cert already exists, overwrite it with this one.
Agree Tos means: I accept the terms and services of Certbot.
$cli_redirect: If this is enabled (--redirect), all http traffic will be forwarded to https
> So basically that involves making an vhost entry then running certbot-auto with some parameters?
Not sure, if I'm honest.
I think certbot just sends a simple ping on port 80, out from your system, back to the base webserver (eg: http://myweb.com). Once that's been accepted, certbot-auto will continue setting up the cert.
I'm also not sure if certbot-auto works with subdomains. A good example is users trying to use http://mywebsite.noip.org. Regardless of the subdomain, Certbot only allows 5 certs per month (from my testing a while back). So Free NoIp users cannot set up a cert.
Yeah, not an easy task now that I think about it
Though still feel it could be really useful to a lot of people and thus, something worth implementing, maybe I’m wrong though.
I tested running certbot-auto with subdomains and it works fine as far as I can tell, that cap is now 5 per week I believe.
Edit: I’m not sure, but this might come in handy here User Guide — Certbot 2.7.0.dev0 documentation
Hi,
I also had the requirement to encrypt multiple subdomains/vhosts so I just grabbed the relevant sections from Fourdee’s code into a script and hardcoded my subdomains (I’m using lighttpd) and it works perfectly:
#!/bin/bash
# Directory name under /etc/letsencrypt/live (hardcoded like the domains below)
LETSENCRYPT_DOMAIN="scoindy’s_domain1.net"
# Request one certificate that covers every -d name
/etc/certbot_scripts/certbot-auto certonly --standalone --duplicate --agree-tos --redirect --rsa-key-size 2048 --email admin@scoindy’s_domain1.net -d scoindy’s_domain1.net -d scoindy’s_domain2.net -d scoindy’s_domain3.net
# Create combined key
cd /etc/letsencrypt/live/"$LETSENCRYPT_DOMAIN" || exit 1
cat privkey.pem cert.pem > combined.pem
# Quoted 'EOF' keeps bash from expanding $SERVER inside the here-document
cat << 'EOF' >| /etc/lighttpd/conf-enabled/letsencrypt.conf
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/letsencrypt/live/scoindy’s_domain1.net/combined.pem"
    ssl.ca-file = "/etc/letsencrypt/live/scoindy’s_domain1.net/fullchain.pem"
    ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
    ssl.honor-cipher-order = "enable"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
}
EOF
@Fourdee I just came across this distro yesterday when I decided to build a nextcloud server and it’s seriously impressive. I’m not sure what the contribution policy is but I just forked your repo and am happy to add support for multiple domains for all the webservers.
By all means, we need contributors for DietPi 
If you work on the source code, make sure you're working on the current dev (testing) branch: https://github.com/Fourdee/DietPi/tree/testing
Hey Dan,
I thought I will not open a new thread for this. So I generated 2 certificates using letsencrypt.
1) xxxxxx.duckdns.org
and 2) xxxxxx.online
I’m running lighttpd + letsencrypt.
Ever since I installed the last certificate (.online), my old domain (.duckdns) complains that the certificate is wrong because it’s pointing at my .online domain. It states “You connection to this website is not secure” in big letters. If I cannot have SSL for multiple domains, can I at least remove the SSL from my .duckdns domain? Is there a CertBot command or a lighttpd.conf entry that does that?
Thank you in advance.
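For the situation in the last post (one certificate per domain, with lighttpd presenting the same one for every name), lighttpd can select the certificate by requested host name with a `$HTTP["host"]` condition inside the `:443` socket block. The sketch below is an added example, not part of the thread or of DietPi; the host names are constructed, the function names are hypothetical, and the paths assume the /etc/letsencrypt/live layout and combined.pem convention used in the script earlier in the thread.

```shell
#!/bin/bash
# Added example: generate a per-host (SNI) certificate config for lighttpd.
LIVE_DIR="/etc/letsencrypt/live"   # assumed certbot lineage directory

# Accept only plain lower-case DNS names, so a name can never close the
# quoted string it is written into in the lighttpd config.
valid_host() {
    case "$1" in
        ''|*[!a-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Build combined.pem (key + cert) for one lineage; umask 077 makes a newly
# created file owner-only, because it contains the private key.
make_combined() {
    ( umask 077 && cd "$LIVE_DIR/$1" && cat privkey.pem cert.pem > combined.pem )
}

# Print the ssl.pemfile / ssl.ca-file pair for lineage $1 with indent $2.
cert_lines() {
    printf '%sssl.pemfile = "%s/%s/combined.pem"\n' "$2" "$LIVE_DIR" "$1"
    printf '%sssl.ca-file = "%s/%s/fullchain.pem"\n' "$2" "$LIVE_DIR" "$1"
}

# gen_sni_conf DEFAULT [HOST...]: DEFAULT's certificate is presented unless
# the requested name equals one of HOST, which then gets its own certificate.
gen_sni_conf() {
    local h
    for h in "$@"; do   # validate everything before emitting any output
        valid_host "$h" || { echo "invalid host name: $h" >&2; return 1; }
    done
    printf '$SERVER["socket"] == ":443" {\n'
    printf '    ssl.engine = "enable"\n'
    cert_lines "$1" '    '
    shift
    for h in "$@"; do
        printf '    $HTTP["host"] == "%s" {\n' "$h"
        cert_lines "$h" '        '
        printf '    }\n'
    done
    printf '}\n'
}

# Constructed names; the config is printed, not written to /etc/lighttpd.
gen_sni_conf home.example.org blog.example.net
```

Run `make_combined` once per lineage before pointing lighttpd at the generated file, and again after each renewal, since combined.pem is a copy and does not update on its own.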