Richard Hector wrote:
> otherwise you'll have to use DNS challenge method
> to support multiple hostnames on the same certificate.

do you know how to implement this?

the original certificates were issued for domain: sample.com.
But these certs can be used for any.sample.com too?

Thanks

On 24/4/22 9:14 am, ??? (alice) wrote:
>
> Richard Hector wrote:
>> otherwise you'll have to use DNS challenge method
>> to support multiple hostnames on the same certificate.
>
> do you know how to implement this?
>
> the original certificates were issued for domain: sample.com.
> But these certs can be used for any.sample.com too?
>

There is a procedure for wildcards but it's a little complex. It helps to have your own bind server.

For a start:

https://www.digitalocean.com/community/tutorials/how-to-create-let-s-encrypt-wildcard-certificates-with-certbot

--
Jeremy

On 24/04/22 13:14, ??? (alice) wrote:
>
> Richard Hector wrote:
>> otherwise you'll have to use DNS challenge method
>> to support multiple hostnames on the same certificate.

Um, no I didn't. I replied to that. Please check your attributions :-)

Cheers,
Richard

On Sun, 24 Apr 2022, ??? (alice) wrote:

> [Actually, I wrote]
>> otherwise you'll have to use DNS challenge method
>> to support multiple hostnames on the same certificate.
>
> do you know how to implement this?

Others have pointed out resources, but at a very basic level, you'll need a scriptable way to add TXT records for your domain. Plenty of ACMEbots supply plugins for various cloud provider APIs, but if you're running your own DNS server like I am, you may have to roll your own plugin.

If you don't have this level of control over your DNS zone, you'll have to bodge it with HTTP challenge and a stub web server.

> the original certificates were issued for domain: sample.com.
> But these certs can be used for any.sample.com too?

For wildcarded certs (valid for *.sample.com), your only recourse is to use DNS challenges.

Joseph Tam <jtam.home at gmail.com>
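
One form the "scriptable way to add TXT records" can take on a self-run BIND server, as an added example that is not part of any poster's message: a certbot `--manual-auth-hook` script that publishes the DNS-01 record with `nsupdate`. The server address, TSIG key path and TTL are assumptions, and the zone must already permit dynamic updates signed with that key.

```shell
#!/bin/sh
# Added example: certbot --manual-auth-hook for a self-hosted BIND zone.
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.
# Assumed values (not from the thread): DNS_SERVER, TSIG_KEY, TTL.
DNS_SERVER="${DNS_SERVER:-127.0.0.1}"
TSIG_KEY="${TSIG_KEY:-/etc/bind/acme-update.key}"
TTL=60

# Name of the challenge record. A leading "*." is stripped if present:
# *.sample.com is validated at _acme-challenge.sample.com, the same
# name used for the bare domain.
challenge_name() {
    printf '_acme-challenge.%s.\n' "${1#\*.}"
}

# Both values are written into an nsupdate command stream, so reject
# anything that is not a plain hostname or a base64url token first.
valid_input() {
    case "$1" in ''|*[!A-Za-z0-9.*-]*) return 1 ;; esac
    case "$2" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    return 0
}

# Emit the nsupdate commands for one challenge. "update add" without a
# prior delete lets two TXT values coexist, which is needed when one
# certificate covers both sample.com and *.sample.com.
nsupdate_script() {
    valid_input "$1" "$2" || return 1
    printf 'server %s\n' "$DNS_SERVER"
    printf 'update add %s %s IN TXT "%s"\n' \
        "$(challenge_name "$1")" "$TTL" "$2"
    printf 'send\n'
}

# Only touch DNS when certbot actually invoked us as a hook.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    nsupdate_script "$CERTBOT_DOMAIN" "${CERTBOT_VALIDATION:-}" \
        | nsupdate -k "$TSIG_KEY"
fi
```

A matching cleanup hook would send `update delete` for the same name and value once validation finishes, so stale challenge records do not accumulate in the zone.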