
I want to create one SSL certificate for three domains that should be handled by the same nginx webserver.

example.com
cdn.example.com
example.external.com

The first is our main domain name, the second is the CDN. They are both on Amazon Route 53, but the CDN forwards to AWS CloudFront. I can create a Let's Encrypt SSL certificate with the Route 53 plugin for the first two.

The third domain name is not under my control but a simple DNS A record that forwards to our server. I can use an nginx challenge okay, but certbot does not seem to allow both an nginx and a Let's Encrypt cert request.

Has anyone managed to do this for one certificate? I don't think I can bypass the Route 53 challenge because of the CDN. Or should I give up on the one-server setup and simply define different nginx hosts?

1 Answer


I think you're going to need two different certs.

You are authenticating the first two domains using a DNS challenge (in this case Route 53), which is great since the caching issue may prevent Let's Encrypt from using the HTTP-01 challenge.

The third domain's authentication MUST be done using the HTTP-01 challenge, since you cannot use a DNS challenge because the domain doesn't belong to you.

It might be worth a shot to do HTTP-01 challenge for all three domains, though I'm worried the caching brought on by CloudFront might pose issues.

  • Thanks for chiming in; it turns out it was indeed the easiest route to add another server config with a dedicated SSL cert on a separate certbot challenge. Commented Dec 16, 2019 at 17:04
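What the accepted approach looks like in practice, as an added example (not code from the question, the answer, or certbot's documentation): two certificate lineages issued with different authenticators, both served by one nginx. The webroot path `/var/www/acme`, the contact address `admin@example.com`, the config path `/etc/nginx/conf.d/site.conf`, the `--cert-name` values and the document root `/var/www/html` are all assumptions made for the example; the domain names are the ones from the question.

```bash
#!/usr/bin/env bash
# Added example, not from the original post or from certbot's own docs.
# Two certificate lineages, one nginx: DNS-01 through Route 53 for the two zones
# the poster controls, HTTP-01 through a webroot for the domain they do not.
# Assumed: /var/www/acme (webroot), admin@example.com (ACME contact),
# /etc/nginx/conf.d/site.conf (rendered config), /var/www/html (document root).
set -euo pipefail

ACME_WEBROOT="${ACME_WEBROOT:-/var/www/acme}"
ACME_EMAIL="${ACME_EMAIL:-admin@example.com}"
NGINX_CONF="${NGINX_CONF:-/etc/nginx/conf.d/site.conf}"

# Lineage 1: DNS-01 via the certbot-dns-route53 plugin. CloudFront sits in front of
# cdn.example.com, so an HTTP-01 probe for that name reaches the CDN (and its cache),
# not this nginx; DNS-01 never touches port 80. --cert-name fixes the directory
# under /etc/letsencrypt/live/ that the nginx config below points at.
issue_route53_cert() {
    certbot certonly --non-interactive --agree-tos -m "$ACME_EMAIL" \
        --dns-route53 \
        --cert-name example.com \
        -d example.com -d cdn.example.com \
        --deploy-hook 'systemctl reload nginx'
}

# Lineage 2: HTTP-01 via webroot. Let's Encrypt fetches
# http://example.external.com/.well-known/acme-challenge/<token>, so the external
# A record must already point at this host and nginx must serve that path on :80.
issue_external_cert() {
    certbot certonly --non-interactive --agree-tos -m "$ACME_EMAIL" \
        --webroot -w "$ACME_WEBROOT" \
        --cert-name example.external.com \
        -d example.external.com \
        --deploy-hook 'systemctl reload nginx'
}

# Render the nginx config. "bootstrap" emits only the port-80 server so nginx can
# start before any certificate exists (a 443 block naming a missing fullchain.pem
# fails `nginx -t`); "full" adds one HTTPS server per lineage.
render_nginx_conf() {
    local mode="${1:-full}"
    cat <<EOF
server {
    listen 80;
    server_name example.com cdn.example.com example.external.com;

    # Answer ACME challenges before the HTTPS redirect, otherwise HTTP-01 for
    # example.external.com is bounced to https:// and fails until that cert exists.
    location ^~ /.well-known/acme-challenge/ {
        root $ACME_WEBROOT;
        default_type "text/plain";
    }
    location / {
        return 301 https://\$host\$request_uri;
    }
}
EOF
    if [ "$mode" = "bootstrap" ]; then
        return 0
    fi
    cat <<EOF

server {
    listen 443 ssl;
    server_name example.com cdn.example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    root /var/www/html;   # assumed document root
}

server {
    listen 443 ssl;
    server_name example.external.com;
    ssl_certificate     /etc/letsencrypt/live/example.external.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.external.com/privkey.pem;
    root /var/www/html;   # assumed document root
}
EOF
}

# Usage: ./two-certs.sh deploy
# Order matters: port 80 must be up before the webroot challenge, and the TLS
# blocks can only be loaded once both lineages exist. Afterwards `certbot renew`
# (run by the distro's timer) renews each lineage with the authenticator recorded
# in its /etc/letsencrypt/renewal/<name>.conf, so the two challenge types coexist.
if [ "${1:-}" = "deploy" ]; then
    mkdir -p "$ACME_WEBROOT"
    render_nginx_conf bootstrap > "$NGINX_CONF"
    nginx -t && systemctl reload nginx
    issue_route53_cert
    issue_external_cert
    render_nginx_conf full > "$NGINX_CONF"
    nginx -t && systemctl reload nginx
fi
```

The two things the answer's "two different certs" hides are in this script: the port-80 block has to serve `/.well-known/acme-challenge/` ahead of the redirect for the webroot challenge to succeed, and nginx has to be brought up in two stages because the HTTPS blocks cannot reference certificate files that do not exist yet. Each certbot lineage remembers its own authenticator, so a single `certbot renew` keeps renewing the Route 53 lineage with DNS-01 and the external lineage with HTTP-01.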
