We use the Certbot tool to obtain a multi-domain (SAN) certificate from the Let's Encrypt CA.
We use the following configuration file and commands.
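First, create an OpenSSL config file that will be used to generate the CSR.
An example of this config file (saved as cert.cfg, the name passed to -config in the openssl command below) is: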
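# cert.cfg: OpenSSL request configuration for a multi-domain (SAN) CSR.
# Read by `openssl req -config cert.cfg`. '#' starts a comment in OpenSSL config syntax.

# Settings for `openssl req`, placed in the [ req ] section that the command reads.
[ req ]
# RSA key size in bits
default_bits = 2048
# "no" writes the private key UNENCRYPTED (no passphrase);
# keep the key file readable only by the account that needs it.
encrypt_key = no
# Message digest used to sign the request
default_md = sha256
# Input is UTF-8
utf8 = yes
# Emit UTF-8 strings
string_mask = utf8only
# Do not prompt; take the DN values directly from the section named below
prompt = no
# Section that holds the subject DN
distinguished_name = server_dn
# Section that holds the requested extensions
req_extensions = server_reqext

# Subject distinguished name. Every value here is a placeholder to replace.
# NOTE(review): a domain-validating CA such as Let's Encrypt is expected to use only
# the public key and DNS names from the CSR, not the organization fields; confirm
# against the issued certificate.
[ server_dn ]
# Must be replaced with the two-letter ISO 3166 country code
countryName = CountryName
stateOrProvinceName = StateName
localityName = CityName
organizationName = OrgName
organizationalUnitName = UnitName
# Should match one of the SANs under alt_names
commonName = domainname.tld

# Extensions requested for a TLS server (end-entity, not a CA) certificate.
[ server_reqext ]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
# Take the subject alternative names from the alt_names section
subjectAltName = @alt_names

# Example names; list every hostname the certificate must cover.
[ alt_names ]
DNS.1 = domainname.tld
DNS.2 = subdomain1.domainname.tld
DNS.3 = subdomain2.domainname.tld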
# Generate a new private key and a CSR from cert.cfg.
# -nodes leaves private.key unencrypted on disk, so keep that file readable
# only by its owner. (OpenSSL 3.0 names this option -noenc and deprecates -nodes.)
openssl req -new -nodes -sha256 \
    -config cert.cfg \
    -keyout private.key \
    -out newcsr.csr

# Submit the CSR to Let's Encrypt and prove control of each name through a
# manually created DNS challenge record. Keep the -d list identical to the
# alt_names entries in cert.cfg.
certbot certonly --csr newcsr.csr \
    --manual --preferred-challenges dns \
    -d "domainname.tld" \
    -d "subdomain1.domainname.tld" \
    -d "subdomain2.domainname.tld"
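Your certificate is now generated; install it on your server together with the matching private.key. Because private.key was written without a passphrase, restrict read access to it. Certificates obtained with --csr are not picked up by `certbot renew`, so repeat these steps before the certificate expires.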