dietpi-letsencrypt multiple domains Topic is solved

Deleted User 612

dietpi-letsencrypt multiple domains

Post by Deleted User 612 »

Hi :)

Is it possible to make dietpi-letsencrypt create certificates for multiple domains? I have set up a certificate for a domain that points to /var/www, but say I also wanted one for a domain that points to /var/www/website; is there any way to do this?

Thanks,

Tin

Edit: This is on apache2
Fourdee
Site Admin
Posts: 2788
Joined: Tue Feb 06, 2007 1:36 pm

Re: dietpi-letsencrypt multiple domains

Post by Fourdee »

Tin Minnow wrote: Is it possible to make dietpi-letsencrypt create certificates for multiple domains?
Hi Tin,

Unfortunately, not at the moment.
The program is designed to assign the cert to the default webserver directory (/var/www) and config. It does not support multiple/custom sites or configurations at this time.

Not sure if it's helpful, but here is the current sourcecode for creating the Apache2 cert: https://github.com/Fourdee/DietPi/blob/ ... t#L98-L126
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
Deleted User 612

Re: dietpi-letsencrypt multiple domains

Post by Deleted User 612 »

Hi Fourdee,
Fourdee wrote: Not sure if it's helpful, but here is the current sourcecode for creating the Apache2 cert: https://github.com/Fourdee/DietPi/blob/ ... t#L98-L126
That is helpful, thanks! So basically that involves making a vhost entry then running certbot-auto with some parameters? Out of interest, what do these do?

--duplicate --agree-tos $cli_redirect

Is there any plan to add this functionality to dietpi-letsencrypt in the future? I only ask because it's really nice having it automated for you and have it setting up a cron job as well, especially if you're looking to host multiple websites. I might have a look at adding this if I get time.

Re: dietpi-letsencrypt multiple domains

Post by Fourdee »

Tin Minnow wrote: Is there any plan to add this functionality to dietpi-letsencrypt in the future? I only ask because it's really nice having it automated for you and have it setting up a cron job as well, especially if you're looking to host multiple websites. I might have a look at adding this if I get time.
Hi Tin,

It's not planned at the moment, but if you can create a ticket on Github, we can look into it: https://github.com/Fourdee/DietPi/issues. The main issue is we would need to support all 3 webservers for this, so initially a simple job, multiplied by 3 :)

--duplicate --agree-tos $cli_redirect

Duplicate means: If a cert already exists, overwrite it with this one.
Agree Tos means: I accept the terms and services of Certbot.
$cli_redirect: If this is enabled (--redirect), all http traffic will be forwarded to https.

Tin Minnow wrote: So basically that involves making a vhost entry then running certbot-auto with some parameters?
Not sure, if I'm honest.
I think certbot just sends a simple ping on port 80, out from your system, back to the base webserver (eg: http://myweb.com). Once that's been accepted, certbot-auto will continue setting up the cert.

I'm also not sure if certbot-auto works with subdomains. A good example is users trying to use http://mywebsite.noip.org. Regardless of the subdomain, Certbot only allows 5 certs per month (from my testing a while back). So Free NoIp users cannot set up a cert.
Deleted User 612

Re: dietpi-letsencrypt multiple domains

Post by Deleted User 612 »

Fourdee wrote: The main issue is we would need to support all 3 webservers for this, so initially a simple job, multiplied by 3 :)
Yeah, not an easy task now that I think about it :( Though still feel it could be really useful to a lot of people and thus, something worth implementing, maybe I'm wrong though.
Fourdee wrote: I'm also not sure if certbot-auto works with subdomains. A good example is users trying to use http://mywebsite.noip.org. Regardless of the subdomain, Certbot only allows 5 certs per month (from my testing a while back). So Free NoIp users cannot set up a cert.
I tested running certbot-auto with subdomains and it works fine as far as I can tell; that cap is now 5 per week, I believe.

Edit: I'm not sure, but this might come in handy here https://certbot.eff.org/docs/using.html ... rtificates
Scoindy

Re: dietpi-letsencrypt multiple domains

Post by Scoindy »

Hi,

I also had the requirement to encrypt multiple subdomains/vhosts so I just grabbed the relevant sections from Fourdee's code into a script and hardcoded my subdomains (I'm using lighttpd) and it works perfectly:

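#!/bin/bash
# First -d value; used below as the directory name under /etc/letsencrypt/live/.
# Quoted because the placeholder names contain an apostrophe.
LETSENCRYPT_DOMAIN="scoindy's_domain1.net"

# Request one certificate covering all three names (standalone mode needs port 80 free)
/etc/certbot_scripts/certbot-auto certonly --standalone --duplicate --agree-tos --redirect --rsa-key-size 2048 --email "admin@scoindy's_domain1.net" -d "scoindy's_domain1.net" -d "scoindy's_domain2.net" -d "scoindy's_domain3.net"

# - Create combined key (private key + certificate), the format lighttpd reads
cd /etc/letsencrypt/live/"$LETSENCRYPT_DOMAIN" || exit 1
cat privkey.pem cert.pem > combined.pem

# - Write the lighttpd TLS config (>| overwrites even if noclobber is set)
cat << _EOF_ >| /etc/lighttpd/conf-enabled/letsencrypt.conf
\$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/letsencrypt/live/scoindy's_domain1.net/combined.pem"
ssl.ca-file = "/etc/letsencrypt/live/scoindy's_domain1.net/fullchain.pem"
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
ssl.honor-cipher-order = "enable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
_EOF_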

@Fourdee I just came across this distro yesterday when I decided to build a nextcloud server and it's seriously impressive. I'm not sure what the contribution policy is but I just forked your repo and am happy to add support for multiple domains for all the webservers.

Re: dietpi-letsencrypt multiple domains

Post by Fourdee »

Scoindy wrote: @Fourdee I just came across this distro yesterday when I decided to build a nextcloud server and it's seriously impressive. I'm not sure what the contribution policy is but I just forked your repo and am happy to add support for multiple domains for all the webservers.
By all means, we need contributors for DietPi :)

If you work on the sourcecode, make sure you're working on the current dev (testing) branch: https://github.com/Fourdee/DietPi/tree/testing
AfouToPatisa

Re: dietpi-letsencrypt multiple domains

Post by AfouToPatisa »

Hey Dan,

I thought I will not open a new thread for this. So I generated 2 certificates using letsencrypt.
1) xxxxxx.duckdns.org
and 2) xxxxxx.online

I'm running lighttpd + letsencrypt.

Ever since I installed the last certificate (.online), my old domain (.duckdns) complains that the certificate is wrong because it's pointing at my .online domain. It states "Your connection to this website is not secure" in big letters. If I cannot have SSL for multiple domains, can I at least remove the SSL from my .duckdns domain? Is there a CertBot command or a lighttpd.conf entry that does that?

Thank you in advance.
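
Added example, not part of the thread and not DietPi's or Scoindy's code: with a single ssl.pemfile in the ":443" block, as in the script earlier in the thread, lighttpd presents that one certificate for every host name, so separately issued certificates need a per-host override. The sketch below generates such a block for lighttpd 1.4-style configuration; the function names are hypothetical and the domain names are whatever the caller passes in.

```sh
#!/bin/sh
# Added example; not DietPi's or Scoindy's code. Domain names are supplied by
# the caller; LIVE_DIR defaults to the certbot directory used in the thread.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"

# Accept only plain hostnames so a name can never inject quotes or braces
# into the generated lighttpd configuration.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|-*) return 1 ;;
    esac
}

# make_combined DOMAIN: build the key+cert bundle lighttpd reads, mode 600.
make_combined() {
    valid_name "$1" || return 1
    ( umask 077
      cd "$LIVE_DIR/$1" || exit 1
      cat privkey.pem cert.pem > combined.pem && chmod 600 combined.pem )
}

# cert_lines INDENT DOMAIN: the two certificate directives for one lineage.
cert_lines() {
    printf '%sssl.pemfile = "%s/%s/combined.pem"\n' "$1" "$LIVE_DIR" "$2"
    printf '%sssl.ca-file = "%s/%s/fullchain.pem"\n' "$1" "$LIVE_DIR" "$2"
}

# gen_lighttpd_sni DEFAULT [OTHER...]: print a :443 block that serves DEFAULT's
# certificate unless the requested host name matches one of the OTHER lineages.
gen_lighttpd_sni() {
    [ "$#" -ge 1 ] || return 1
    for d in "$@"; do
        valid_name "$d" || { echo "rejected name: $d" >&2; return 1; }
    done
    default="$1"; shift
    printf '$SERVER["socket"] == ":443" {\n'
    printf '    ssl.engine = "enable"\n'
    cert_lines '    ' "$default"
    for d in "$@"; do
        printf '    $HTTP["host"] == "%s" {\n' "$d"
        cert_lines '        ' "$d"
        printf '    }\n'
    done
    printf '}\n'
}
```

Run make_combined once per lineage, then redirect the output of gen_lighttpd_sni to the letsencrypt.conf file and reload lighttpd.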