A wildcard entry at DNS level does not work for Let's Encrypt.
* IN CNAME domain.tld --> does not work
www.dru IN CNAME domain.tld --> works
But if you don't need the www.dru.designfyn.dk then just alter your website and change autosub from "www" to "none".
Look at line 969+ of https://github.com/letsencrypt/letsencrypt/blob/master/letsencrypt/cli.py

Code:
helpful.add_group(
    "automation",
    description="Arguments for automating execution & other tweaks")
helpful.add(
    "automation", "--keep-until-expiring", "--keep", "--reinstall",
    dest="reinstall", action="store_true",
    help="If the requested cert matches an existing cert, always keep the "
         "existing one until it is due for renewal (for the "
         "'run' subcommand this means reinstall the existing cert)")

Looks like one may cron-launch LE every 3/5/10 days with --keep-until-expiring, and if it will soon expire it will autorenew. Or not?
sjau, I just needed a place to post because of the >2 posts limitation to be allowed to post a link. I created this: https://www.howtoforge.com/communit...entation-of-dnssec-patch-and-tlsa-dane.71829/ and that was my note about it. I will try to import your "mod" into my installation soon and report my efforts back.
Yes: https://github.com/sjau/le2ispc/blob/master/le2ispc_renewer You'll just need to set up the cron yourself.
Ok, some updates today:
- fixed that it won't try to update the "live" folder as domain, but only subfolder
- added option to set renewal in the config
- added option to set webroot folder (currently only for apache -> https://github.com/sjau/le2ispc/issues/13)
- fixed a few other things

Also: Let's Encrypt did up the amount of registrations to 500 per 3 hours (https://community.letsencrypt.org/t/rate-limits-for-lets-encrypt/6769). So I did test the current renewal process and it worked fine for all but 1 domain. For one domain it claims: "There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: domain.tld". Checking my list I still have a few subdomains that I updated today also. So it seems the limit of "5 certificates per domain per week" still is there.

Summary: The tool seems to work fine thus far.
Thanks sjau, Till, Falko and the others who've looked at this. Nice work, can't wait to see it integrated into a stable release! I'm going to have a look at the script you've posted on your github account. I have a couple of questions in the meantime about the automation of this process:
1) How will alias domains be handled? Say <domain.com.au> which redirects to <domain.com>
2) How will inactive sites be handled?
Cheers, Nap
I don't use aliases or inactive sites. As of now, you have to run the script once manually for each domain with my tool. Ok, you could make a list and run it for each of them. Regarding aliases... hmmm, I'd have to look. Since LE supports SNI you could probably ask for domain.com.au and domain.com in the same cert. Then it should also work, but I'll need to look up on that.
I think all this information can be collected from ISPConfig, and used to drive the script. (This would also include sub-domains).
It can be. As for subdomains, currently you'll have to run the script for each sub individually. What I did is include the www if there's a www-variant. It could be that you don't want ssl on all subs so I only run it on the sub/domain that I want. However a check for inactive domains and domain aliases should be possible. Let me work on that.
That is not quite true. You can run the command for a main domain plus multiple subdomains, and you will get ONE certificate with alternate names for each subdomain:

Code:
le2ispc main.tld sub1.main.tld sub2.main.tld ...
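Added example, not part of any post in this thread and not code from le2ispc: a small planner that ties the "5 certificates per domain per week" limit quoted earlier to the one-certificate-with-alternate-names command form shown in the post above. It assumes the limit is counted per registered domain (as the quoted error message suggests); `MULTI_LABEL_SUFFIXES` is a constructed stand-in for the Public Suffix List and the host names are constructed sample input.

```python
from collections import defaultdict

# From the thread: "5 certificates per domain per week".
CERTS_PER_DOMAIN_PER_WEEK = 5
# Assumption: tiny stand-in for the Public Suffix List, extend as needed.
MULTI_LABEL_SUFFIXES = {"com.au", "co.uk"}


def registered_domain(host):
    """Name the limit is counted against (assumed: public suffix + one label)."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    if len(labels) < keep or "" in labels:
        raise ValueError("not a usable host name: %r" % host)
    return ".".join(labels[-keep:])


def plan(hosts):
    """Group hosts per registered domain and compare both issuing strategies."""
    groups = defaultdict(set)
    for host in hosts:
        groups[registered_domain(host)].add(host.lower().rstrip("."))
    result = {}
    for domain, names in sorted(groups.items()):
        # Main domain first, then the remaining names alphabetically.
        ordered = sorted(names, key=lambda h: (h != domain, h))
        result[domain] = {
            "certs_if_separate": len(ordered),  # one run per host name
            "over_limit": len(ordered) > CERTS_PER_DOMAIN_PER_WEEK,
            "certs_if_combined": 1,             # one run, all names in one cert
            "command": "le2ispc " + " ".join(ordered),
        }
    return result


# Constructed sample input, not taken from a real server.
SAMPLE_HOSTS = [
    "domain.tld", "www.domain.tld", "a.domain.tld", "b.domain.tld",
    "c.domain.tld", "d.domain.tld", "domain.com.au", "shop.domain.com.au",
]

if __name__ == "__main__":
    for domain, info in plan(SAMPLE_HOSTS).items():
        state = "exceeds" if info["over_limit"] else "within"
        print("%s: %d separate certs (%s weekly limit)"
              % (domain, info["certs_if_separate"], state))
        print("  combined: " + info["command"])
```
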
Ok, I also added an alias function with SNI. I did set up two test domains:
1. actual domain: https://test.schildi.li
2. alias domain: https://alias.schildi.li
SSL cert for both is fine.
I forgot about that because I don't use it like that. However, will the ssl certs be uploaded to all the specified subs? I'll need to check on that again.