dietpi-letsencrypt multiple domains

[Deleted User 612]

Hi

Is it possible to make dietpi-letsencrypt create certificates for multiple domains? I have set up a certificate for a domain that points to /var/www but say I also wanted one for a domain that points to /var/www/website is there any way to do this?

Thanks,

Tin

Edit: This is on apache2

[Fourdee]

Is it possible to make dietpi-letsencrypt create certificates for multiple domains?

Hi Tin,

Unfortunately, not at the moment.
The program is designed to assign the cert to the default webserver directory (/var/www) and config. It does not support multiple/custom sites or configurations at this time.

Not sure if its helpful, but here is the current sourcecode for creating the Apache2 cert: https://github.com/Fourdee/DietPi/blob/ ... t#L98-L126

[Deleted User 612]

Hi Fourdee,

Not sure if its helpful, but here is the current sourcecode for creating the Apache2 cert: https://github.com/Fourdee/DietPi/blob/ ... t#L98-L126

That is helpful, thanks! So basically that involves making an vhost entry then running certbot-auto with some parameters? Out of interest what do these do?

Code: Select all

 --duplicate --agree-tos $cli_redirect

Is there any plan to add this functionality to dietpi-letsencrypt in the future? I only ask because it's really nice having it automated for you and have it setting up a cron job as well, especially if you're looking to host multiple websites. I might have a look at adding this if I get time.

[Fourdee]

Is there any plan to add this functionality to dietpi-letsencrypt in the future? I only ask because it's really nice having it automated for you and have it setting up a cron job as well, especially if you're looking to host multiple websites. I might have a look at adding this if I get time.

Hi Tin,

Its not planned at the moment, but if you can create a ticket on Github, we can look into it: https://github.com/Fourdee/DietPi/issues. The main issue is we would need to support all 3 webservers for this, so initially a simple job, multiplied by 3

Code: Select all

--duplicate --agree-tos $cli_redirect

Duplicate means: If a cert already exists, overwrite it with this one.
Agree Tos means: I accept the terms and services of Certbot.
$cli_redirect: If this is enabled (--redirect), all http traffic will be forward to https

So basically that involves making an vhost entry then running certbot-auto with some parameters?

Not sure if i'am honest.
I think certbot just sends a simple ping on port 80, out from your system, back to the base webserver (eg: http://myweb.com). Once thats been accepted, certbot-auto will continue setting up the cert.

I'am also not sure if certbot-auto works with subdomains. A good example is users trying to use http://mywebsite.noip.org. Regardless of the subdomain, Certbot only allows 5 certs per month (from my testing a while back). So Free NoIp users cannot setup a cert.

[Deleted User 612]

The main issue is we would need to support all 3 webservers for this, so initially a simple job, multiplied by 3

Yeah, not an easy task now that I think about it Though still feel it could be really useful to a lot of people and thus, something worth implementing, maybe I'm wrong though.

I'am also not sure if certbot-auto works with subdomains. A good example is users trying to use http://mywebsite.noip.org. Regardless of the subdomain, Certbot only allows 5 certs per month (from my testing a while back). So Free NoIp users cannot setup a cert.

I tested running certbot-auto with subdomains and it works fine as far as I can tell, that cap is now 5 per week I beleive.

Edit: I'm not sure, but this might come in handy here https://certbot.eff.org/docs/using.html ... rtificates

[Scoindy]

Hi,

I also had the requirement to encrypt multiple subdomains/vhosts so I just grabbed the relevant sections from Fourdee's code into a script and hardcoded my subdomains (I'm using lighttpd) and it works perfectly:

#!/bin/bash
/etc/certbot_scripts/certbot-auto certonly --standalone --duplicate --agree-tos --redirect --rsa-key-size 2048 --email admin@scoindy's_domain1.net -d scoindy's_domain1.net -d scoindy's_domain2.net -d scoindy's_domain3.net

# - Create combined key
cd /etc/letsencrypt/live/"$LETSENCRYPT_DOMAIN"
cat privkey.pem cert.pem > combined.pem

cat << _EOF_ >| /etc/lighttpd/conf-enabled/letsencrypt.conf
\$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/letsencrypt/live/scoindy's_domain1.net/combined.pem"
ssl.ca-file = "/etc/letsencrypt/live/scoindy's_domain1.net/fullchain.pem"
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
ssl.honor-cipher-order = "enable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
_EOF_

@Fourdee I just came across this distro yesterday when I decided to build a nextcloud server and it's seriously impressive. I'm not sure what the contribution policy is but I just forked your repo and am happy to add support for multiple domains for all the webservers.

[Fourdee]

@Fourdee I just came across this distro yesterday when I decided to build a nextcloud server and it's seriously impressive. I'm not sure what the contribution policy is but I just forked your repo and am happy to add support for multiple domains for all the webservers.

By all means, we need contributors for DietPi

If you work on the sourcecode, make sure your working on the current dev (testing) branch : https://github.com/Fourdee/DietPi/tree/testing

[AfouToPatisa]

Hey Dan,

I thought I will not open a new thread for this. So I generated 2 certificates using letsencrypt.
1) xxxxxx.duckdns.org
and 2) xxxxxx.online

I'm running lighttpd + letsecrypt.

Ever since I installed the last certificate (.online), my old domain (.duckdns) complains that the certificate is wrong because it's pointing at my .online domain. It states "You connection to this website is not secure" in big letter. If I cannot have SSL for multiple domains, can I at least remove the SSL from my .duckdns domain? Is there a CertBot command or a lighttpd.conf entry that does that?

Thank you in advance.