Certbot会跳过存储第二个子域的证书

时间:2018-02-18 18:06:19

标签: ubuntu-16.04 lets-encrypt certbot

这就是我为两个子域创建两个证书所运行的。

VPNHOST="vpn-i.example.com"
APIHOST="api-i.example.com"

certbot certonly --non-interactive --agree-tos --email $EMAIL --webroot -w /var/www/letsencrypt/api -d $APIHOST -w /var/www/letsencrypt/vpn -d $VPNHOST

According to the logs it has accepted both entries and has sent and received the challenge, but it has written the certificate only for api entry.

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Running pre-hook command: /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for api-i.example.com
    http-01 challenge for vpn-i.example.com
    Using the webroot path /var/www/letsencrypt/vpn for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Running post-hook command: /sbin/iptables -D INPUT -p tcp --dport 80 -j ACCEPT

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/api-i.example.com/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/api-i.example.com/privkey.pem
       Your cert will expire on 2018-05-19. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot
       again. To non-interactively renew *all* of your certificates, run
       "certbot renew"

查看文件夹,我只看到api证书:

ls /etc/letsencrypt/live/
api-i.example.com

0 个答案:

没有答案