First time using LetsEncrypt so I wanted to check before I did this. I want to create a certificate for my hostname as well as the other services (ftp, pop3, imap, smtp, interworx-ssl, web-server, etc).

Is just generating a cert using the below command with certbot good enough for this? Going to generate the cert with the hostname and then use the cert/privkey to update all services. I use mail.domain.com instead of hostname.domain.com for mail though, so I assume I’ll have to create a separate one for mail, or will the hostname one work for that as well?

certbot certonly --standalone -d hostname.domain.com -d mail.domain.com

Hi staxed

Hope your well

If you upgrade to release candidate, multi CN is an option

However, it has only just come out of beta and I reported a bug with it, which Nathan reviewed and found a missing symlink, so will be in beta for a few weeks I guess

Should work lovely once it released from beta

Hope that helps

The single SSL cert should cover all CN you have selected

Many thanks

John

you reported a bug with the multi CN feature? Does said bug prevent it from working? Would rather a manual option that works right now then waiting a few weeks for it to get fixed

Hi staxed

Yes, it stops it from working

You should be able to run your manual command to generate it, but I have not tried myself

We use a paid wildcard SSL for our servers

Many thanks

John

Yeah, I normally use a paid one as well…but wanted to give LetsEncrypt a go just to see how it works out

hmm…getting an error trying to run command:

certbot --webroot -w /home/account/public_html -d domain.com -d www.domain.com -d sub.domain.com -d sub1.domain.com -d sub2.domain.com -d sub3.domain.com -d sub4.domain.com

An unexpected error occurred:
ImportError: version conflict: ‘/usr/lib64/python2.7/site-packages/psutil/_psutil_linux.so’ C extension module was built for another version of psutil (different than 2.2.1)
Please see the logfile ‘certbot.log’ for more details.

Log File:

Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in <module>
load_entry_point(‘certbot==0.8.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 700, in main
plugins = plugins_disco.PluginsRegistry.find_all()
File “/usr/lib/python2.7/site-packages/certbot/plugins/disco.py”, line 174, in find_all
plugin_ep = PluginEntryPoint(entry_point)
File “/usr/lib/python2.7/site-packages/certbot/plugins/disco.py”, line 33, in init
self.plugin_cls = entry_point.load()
File “/usr/lib/python2.7/site-packages/pkg_resources/init.py”, line 2229, in load
return self.resolve()
File “/usr/lib/python2.7/site-packages/pkg_resources/init.py”, line 2235, in resolve
module = import(self.module_name, fromlist=[‘name’], level=0)
File “/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py”, line 19, in <module>
from certbot.plugins import util
File “/usr/lib/python2.7/site-packages/certbot/plugins/util.py”, line 5, in <module>
import psutil
File “/usr/lib64/python2.7/site-packages/psutil/init.py”, line 181, in <module>
raise ImportError(msg)
ImportError: version conflict: ‘/usr/lib64/python2.7/site-packages/psutil/_psutil_linux.so’ C extension module was built for another version of psutil (different than 2.2.1)

Hi bertie

There’s another thread started I thought about this

You should be able to add hostname as a siteworx account and create SSL using generate using LE, then copy and paste into hostname SSL of nodeworx

You may also be able to run LE manually, if your DNS records are correct and tell it where to save the files, but this method, I have not tried

Please understand though, LE is not a wildcard SSL and would need renewing every 2 or 3 months. Sorry, I cannot remember the exact time length the LE SSL runs for

I hope that helps a little

Many thanks

John