0

I have a VPS that hosts 2 websites, and I have 2 domains, domain1.com and domain2.com

Server Nginx running on Ubuntu 20.04

I installed certbot and nginx according to their instructions and CA is Letsencrypt.

The problem is that when I visit https://domainX.com and click on the lock icon to view the cert (in Firefox) and select 'More information' I can see the other website's domain names either, like:

Subject Alt Names

DNS Name domain1.com

DNS Name www.domain1.com

DNS Name domain2.com

DNS Name www.domain2.com

  • How can I prevent this to be shown? Is this a DNS record problem or is it because certbot suggested these 4 names and I just wanted to get a cert for all 4 during installation?
  • Now that the cert has issued, whats the proper way to get a *.domainX certificate for each one and they don't show in one another?

Thank you.

user174174
  • 103
  • 1

1 Answers1

1

you got the certificates all in one. Most probably your command was:

certbot -d domain1.com -d www.domain1.com -d domain2.com -d www.domain2.com

That way you get one certificate that contains all domains as SANS.

To prevent this get certificates individually:

certbot -d domain1.com -d www.domain1.com 
certbot -d domain2.com -d www.domain2.com

(assuming it is okay to have www and non-www in the same certificate).

To change this now it should suffice to run the second commands with the --force-renewal parameter.

If it doesn't work you can just use certbot delete to delete them and then create them again.

Gerald Schneider
  • 23,274
  • 8
  • 57
  • 89
  • Actually certbot automatically listed: 1)dom1 2)www.dom1 3)dom2 4)www.dom2 [enter for all] so I did that (no difference here) but running the commands in your answer will create one cert per domain if I'm not wrong. How can I use the wildcard like *.dom1 and *.dom2? and is it preferred/useful to have individual ones for each subdomain? i.e. does it matter to have a separate cert for mail.domain / ftp.domain / www.domain? It'll be great if you update the answer. – user174174 Jan 20 '23 at 13:25
  • The given commands will create two certificates containing two SANS (with and without www). You can create wildcard certificates with Let's Encrypt, but only with validation via DNS records which must be supported by your DNS provider. Read the documentation. – Gerald Schneider Jan 20 '23 at 13:27