Multiple domain validation #27

Open
gagath opened this issue Jun 5, 2017 · 3 comments

gagath commented Jun 5, 2017

Thanks for this role, I have managed to run this and have certbot generate SSL stuff. Great.

I understand that I can run multiple subdomains validation with the following:

```yaml
- role: jaywink.letsencrypt
  letsencrypt_domain: domain1.example.com
  letsencrypt_email: example@example.com
- role: jaywink.letsencrypt
  letsencrypt_domain: domain1.example.com
  letsencrypt_email: example@example.com
```

However, this is going to go through the whole process of updating certbot and then requesting validation each time. What I think could be implemented is something like this:

```yaml
- role: jaywink.letsencrypt
  letsencrypt_entries:
    - letsencrypt_domain: domain1.example.com
      letsencrypt_email: example@example.com
    - letsencrypt_domain: domain2.example.com
      letsencrypt_email: example@example.com
    - letsencrypt_domain: domain3.example.com
      letsencrypt_email: example@example.com
```
Author

gagath commented Jun 5, 2017

I have managed to create a small prototype on a fork branch: https://github.com/MicroJoe/ansible-letsencrypt/tree/feature/multiple-domains

However, all the specified domains are going to be in the same certificate as alternative names. This brings privacy issues, since all subdomains to which the certificate applies can be extracted from the certificate. Using the multiple roles may be the way to go in case you do not want to share all of your subdomains in a certificate.

Owner

jaywink commented Jun 5, 2017

Hey @MicroJoe !

I tend to agree having many domains in one certificate would not be the best way to go. Also it makes it difficult to know then what the path to the certificate is, if referring to them from web server configuration from many virtualhosts.

I love the idea of supporting multiple domains though! How about making the certbot command run through a loop, thus creating/renewing a cert for each domain in the list?

Does your use case require separate registration emails for each domain?

Author

gagath commented Jun 14, 2017

Hey, I have implemented this behavior in the branch I mentioned in my second post. It is working, you can check it (but I had to not support the automatic www feature because I did not need it and I think it is an awful feature 😉).
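
The per-domain loop discussed in this thread, written out as an added example (it is not code from the role or from the fork branch). It assumes certbot is already installed, that the standalone authenticator can bind port 80, and the `letsencrypt_entries` layout proposed in the issue; the `webservers` host group is hypothetical. The last two tasks check that each issued certificate lists only its own domain as a subject alternative name, which is the privacy property raised above.

```yaml
# Added example, not the role's own tasks.
# Assumes certbot is installed and port 80 is free for --standalone.
- hosts: webservers          # hypothetical inventory group
  become: true
  vars:
    letsencrypt_entries:     # variable layout proposed in this issue
      - letsencrypt_domain: domain1.example.com
        letsencrypt_email: example@example.com
      - letsencrypt_domain: domain2.example.com
        letsencrypt_email: example@example.com
  tasks:
    - name: Request one certificate per domain (one SAN each)
      ansible.builtin.command:
        argv:
          - certbot
          - certonly
          - --standalone
          - --non-interactive
          - --agree-tos
          - --email
          - "{{ item.letsencrypt_email }}"
          - --cert-name          # fixes the directory name under live/
          - "{{ item.letsencrypt_domain }}"
          - -d
          - "{{ item.letsencrypt_domain }}"
        # Skip the request when the certificate already exists
        creates: "/etc/letsencrypt/live/{{ item.letsencrypt_domain }}/fullchain.pem"
      loop: "{{ letsencrypt_entries }}"

    - name: Read the SAN list of each certificate (needs OpenSSL 1.1.1+ for -ext)
      ansible.builtin.command:
        argv: [openssl, x509, -in, "/etc/letsencrypt/live/{{ item.letsencrypt_domain }}/fullchain.pem", -noout, -ext, subjectAltName]
      loop: "{{ letsencrypt_entries }}"
      register: san_check
      changed_when: false

    - name: Fail if a certificate names any domain other than its own
      ansible.builtin.assert:
        that:
          - item.stdout | regex_findall('DNS:[^, ]+') == ['DNS:' ~ item.item.letsencrypt_domain]
      loop: "{{ san_check.results }}"
      loop_control:
        label: "{{ item.item.letsencrypt_domain }}"
```

Because `--cert-name` is set to the domain, each virtual host can reference `/etc/letsencrypt/live/<domain>/` directly, which addresses the certificate-path concern raised in the thread.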
