Open masikh opened 1 year ago
Worked like a charm, thanks @masikh !
I disagree, the original script works very well for multiple domains.
When I first read the script, I was also a bit surprised by this mkdir statement:
domains=(example.org www.example.org)
rsa_key_size=4096
data_path="./data/certbot"
# ...
mkdir -p "$data_path/conf/live/$domains"
But this is actually fine: domains is a Bash array, and using $domains will give you the first element of the array.
Try this:
echo "The value of domains is: $domains"
It will print The value of domains is: example.org, without mentioning the second domain www.example.org. So the mkdir command is fine.
Now as far as the actual certbot command is concerned, the original script is IMHO much better than @masikh's version above, because it only creates one certificate, which is valid for all the given domains. The above version on the other hand creates a separate certificate for every domain.
https://eff-certbot.readthedocs.io/en/stable/using.html#certbot-command-line-options says:
-d DOMAIN, --domains DOMAIN, --domain DOMAIN
Domain names to include. For multiple domains you can
use multiple -d flags or enter a comma separated list
of domains as a parameter. All domains will be
included as Subject Alternative Names on the
certificate. The first domain will be used as the
certificate name, unless otherwise specified or if you
already have a certificate with the same name. In the
case of a name conflict, a number like -0001 will be
appended to the certificate name. (default: Ask)
The problem seems to be that what @dietmar is saying works only for bash. In bash I get the same result that you got executing:
echo "The value of domains is: $domains"
But when executing the same 2 commands (including the same variable assignment) in zsh I got:
The value of domains is: example.org www.example.org
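An added example (not code from the original script or from any commenter) that makes the behaviour discussed above explicit: it indexes the first array element as `${domains[0]}` instead of relying on `$domains`, and prints the certbot commands for either strategy. The function names `cert_name`, `live_dir` and `plan` are hypothetical, and the authenticator options are left out.

```shell
#!/usr/bin/env bash
# Added example; cert_name, live_dir and plan are hypothetical names.
# ${domains[0]} is Bash indexing (zsh arrays start at 1 by default),
# so re-exec under bash if another shell started this file.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# Same sample values as in the thread.
domains=(example.org www.example.org)
rsa_key_size=4096
data_path="./data/certbot"

# Certificate name: the first domain, indexed explicitly rather than
# through "$domains", whose meaning differs between bash and zsh.
cert_name() { printf '%s' "${domains[0]}"; }

# Directory the script creates for that certificate.
live_dir() { printf '%s' "$data_path/conf/live/$(cert_name)"; }

# Print (do not run) the certbot commands for one of the two strategies.
# Authenticator options are left out.
plan() {
  local mode=$1 d args=()
  case $mode in
    single)      # one certificate, every domain as a SAN
      for d in "${domains[@]}"; do args+=(-d "$d"); done
      echo "certbot certonly --cert-name $(cert_name)" \
           "--rsa-key-size $rsa_key_size ${args[*]}"
      ;;
    per-domain)  # one certificate per domain
      for d in "${domains[@]}"; do
        echo "certbot certonly --cert-name $d" \
             "--rsa-key-size $rsa_key_size -d $d"
      done
      ;;
    *) echo "unknown mode: $mode" >&2; return 1 ;;
  esac
}

echo "live dir: $(live_dir)"
plan single
plan per-domain
```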
Met the same issue today on Ubuntu 20.0.4. I defined 2 domains in the array, but all commands were completed for the first domain only. I like the solution by masikh more, because it's more intuitive, it's easier to read the code with explicitly defined cycles, and ofc it's more convenient to debug it.
Each has its own advantages: @masikh's solution allows SSL for multiple different primary domains; @dietmar's can only be configured for multiple second-level domain names under a single primary domain name.
My proposed fix is below:
Main difference: Use each item from the array of domains...