ohadschn/letsencrypt-webapp-renewer

Multiple domains on single app

Closed this issue · 4 comments

Jogai commented

tl;dr: only one certificate is issued, and one SNI SSL binding is made. I would expect at least an automatic binding, and preferably a certificate per hostname. Now almost all my sites are just listed in the subject alternative name, but the actual site content differs quite a lot although coming from the same CMS.

(I was writing a more extensive explanation because I didn't even see the single SNI SSL binding, but that was just a portal hiccup; I'm leaving it in after this to be complete.)

I have a dedicated, always-on app service with the renewer job configured. Most of the configs I just used as a shared config. Only one I made specific to the app where I need ssl.

letsencrypt:my-app-hosts => www.site1.com;www.site2.net;www.site3.org
letsencrypt:webApps => my-app

etc. When triggered, the job runs fine, and on each site I get a different response to /.well-known/acme-challenge/###...

If I go to my app, the SSL settings list a single certificate for the first site in the host list (www.site1.com). The private certificate thumbprint does list all the sites (comma separated).

The first site does work on SSL, but the other ones still load the *.azurewebsites.net certificate. If I go to my-app -> custom domains, only one SNI SSL binding is active. I can make the other ones, but I think this needs to be done after every renewal. Is this how it's supposed to work?

I'm not sure I follow the problem you're facing (what automatic binding isn't happening?)
But as for multiple certificates (e.g. per hostname) for a single site/webapp, does this help? https://github.com/ohadschn/letsencrypt-webapp-renewer#multiple-certificates-for-a-single-site

Jogai commented

I'm talking about the bindings that you see here:
[screenshot: domain menu]
[screenshot: domains list]

In the list of the second screenshot I have 15 domains, but only one of them was set.

It seems that you're saying that I can set it up the way I want to, but I'm not sure I understand those instructions correctly. Is this config going to give me 1 certificate per hostname?

letsencrypt:webApps => my-app;my-app[group2];my-app[group3]
letsencrypt:my-app-hosts => www.site1.com
letsencrypt:my-app[group2]-hosts => www.site2.net
letsencrypt:my-app[group3]-hosts => www.site3.org

Maybe if there's one certificate per hostname my binding problem is solved as well...

Yes that should work. I didn't get the chance to release a version that includes this feature though, could you build from master and try?
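As an added illustration (not the project's own code), the following parses app settings of the shape discussed above into one host group per certificate, so you can check before a run that each `webApps` entry (plain or `[group]`-suffixed) resolves to its own `-hosts` key and that no hostname is claimed by two groups; the sample settings dictionary is constructed to mirror the config in this thread.

```python
# Added illustration, not letsencrypt-webapp-renewer's own code: resolve
# "letsencrypt:webApps" entries such as my-app;my-app[group2] into the host
# list each certificate would cover, and flag hosts listed in two groups.
import re

SETTINGS = {  # constructed sample mirroring the config in the thread
    "letsencrypt:webApps": "my-app;my-app[group2];my-app[group3]",
    "letsencrypt:my-app-hosts": "www.site1.com",
    "letsencrypt:my-app[group2]-hosts": "www.site2.net",
    "letsencrypt:my-app[group3]-hosts": "www.site3.org",
}

# "my-app" or "my-app[group2]": web app name with an optional bracketed group
_ENTRY = re.compile(r"^(?P<app>[^\[\]]+)(?:\[(?P<group>[^\[\]]+)\])?$")


def certificate_groups(settings):
    """Return [(webapp, group, [hosts])], one tuple per certificate that the
    configuration asks for; group is None for an entry without a suffix."""
    groups = []
    seen = {}  # hostname -> entry that already claimed it
    for entry in settings["letsencrypt:webApps"].split(";"):
        entry = entry.strip()
        if not entry:
            continue
        m = _ENTRY.match(entry)
        if not m:
            raise ValueError(f"malformed webApps entry: {entry!r}")
        hosts_key = f"letsencrypt:{entry}-hosts"  # key includes the [group] suffix
        hosts = [h.strip() for h in settings.get(hosts_key, "").split(";") if h.strip()]
        if not hosts:
            raise ValueError(f"no hosts configured for {entry!r} (expected key {hosts_key})")
        for host in hosts:
            if host in seen:
                raise ValueError(f"host {host} listed in both {seen[host]!r} and {entry!r}")
            seen[host] = entry
        groups.append((m.group("app"), m.group("group"), hosts))
    return groups


if __name__ == "__main__":
    for app, group, hosts in certificate_groups(SETTINGS):
        print(f"{app} group={group or '-'} -> one certificate for {', '.join(hosts)}")
```

With the grouped config each web app entry yields a one-host certificate, whereas a single entry whose `-hosts` value lists three names yields one certificate with three SANs, which is the behaviour the original report describes.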

Jogai commented

I tried with a build from source and it is working! Thanks!