LetsEncrypt

Months ago, I started setting up LetsEncrypt using certbot on my Debian web server. It hosts multiple virtual hosts, so I setup 2 different sets of certificates: one for hjsoft.com/www.hjsoft.com and the other for johnflinchbaugh.com/www.johnflinchbaugh.com/blog.johnflinchbaugh.com.

On Debian, at least when I got started, it was recommernded to have certbot shutdown your apache2 and let it start its own temporary web server to verify the LetsEncrypt setup (--authenticator standalone). The other trick is to register multiple domain names for one certificate by repeating the -d option. I did this with this invocation:

certbot \
    --pre-hook "systemctl stop apache2" \
    --post-hook "systemctl start apache2" \
    --authenticator standalone \
    --installer apache \
    -d johnflinchbaugh.com \
    -d www.johnflinchbaugh.com \
    -d blog.johnflinchbaugh.com

I got it started a couple months ago, but I didn’t know how to setup multiple domain names, so I was always getting errors that this certificate was for a different name: johnflinchbaugh.com instead of www.johnflinchbaugh.com, etc.

That’s all sorted out now, and all my sites should be SSL all the time.

For more information on setup, certbot has a great set of guides based on your OS and web server.


Filed Under: Linux Web-Dev