search

VojtechMyslivec / letsencrypt-zimbra

Files to automate the deployment process of Let's Encrypt certificates to Zimbra Collaboration Suite
GNU General Public License v3.0
171 stars 92 forks source link

Can you issue SAN certificate ? #36

Closed achilles03anil closed 6 years ago

achilles03anil commented 7 years ago

For multiple domain still having problems with multiple certificate

VojtechMyslivec commented 7 years ago

I am sorry but I am not able to help you if you don't provide any details.

Have you correctly configure the script with your server domain names? There is a commented-out example in the config file with several domain names. It will actually generates a certificate with given alternative names.

All of these DNS names must point to your server and must be accessible from the Internet so Let's Encrypt authority .

To debug the problem, run letsencrypt-zimbra script with -v (verbose output) and -t (for testing against staging environment). Also check log of certbot utility. It should be located in /var/log/letsencrypt/letsencrypt.log

achilles03anil commented 7 years ago

By your script it generates 2 different certificate for 2 Different domain. My Question is that can we generate 1 Certificate for multiple domains using the similar Code "letsencrypt-auto certonly --standalone -d xmpp.example.com -d conference.example.com"

VojtechMyslivec commented 7 years ago

Yes, it should generate 1 certificate. The script is not capable to generate (and mainly deploy) more than 1 certificate for each run.

If I configure:

common_names=(mail.example.com smtp.example.com)

(see example in comment above, I have fixed the link)

and run letsencrypt-zimbra, I get a certificate, which looks like:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:...:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Nov  3 20:45:55 2017 GMT
            Not After : Feb  1 20:45:55 2018 GMT
        Subject: CN = mail.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                    ...
        X509v3 extensions:
            ...
            X509v3 Subject Alternative Name: 
                DNS:mail.example.com, DNS:smtp.example.com
            ...
    Signature Algorithm: sha256WithRSAEncryption
         ...
achilles03anil commented 6 years ago

Thank you for your information. I check it and is working with one certificate for multiple domains.