Certbot: 확장은 새 도메인을 무시합니다.

에 만든 2017년 01월 13일 · 3코멘트 · 출처: certbot/certbot

커뮤니티 포럼의 많은 사용자가 기존 인증서를 확장하는 데 어려움을 겪고 있다고보고했습니다. certbot 0.10.0을 사용하여 깨끗한 Ubuntu 16.04 설치에서 재현 할 수있었습니다. 나는 독립 실행 형과 아파치를 테스트했기 때문에 아마도 플러그인과 관련이 없을 것입니다.

출력을 포함하여 재현 할 명령 :

root<strong i="8">@debug</strong>:~# ./certbot-auto certonly --standalone -d 1.debug.le.pf.vc -d 2.debug.le.pf.vc --staging --register-unsafely-without-email
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for 1.debug.le.pf.vc
tls-sni-01 challenge for 2.debug.le.pf.vc
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/1.debug.le.pf.vc/fullchain.pem. Your cert
   will expire on 2017-04-13. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

root<strong i="9">@debug</strong>:~# ./certbot-auto certonly --standalone -d 1.debug.le.pf.vc -d 2.debug.le.pf.vc -d 3.debug.le.pf.vc --staging --register-unsafely-without-email
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/1.debug.le.pf.vc.conf)

It contains these names: 1.debug.le.pf.vc, 2.debug.le.pf.vc

You requested these names for the new certificate: 1.debug.le.pf.vc,
2.debug.le.pf.vc, 3.debug.le.pf.vc.

Do you want to expand and replace this existing certificate with the new
certificate?
-------------------------------------------------------------------------------
(E)xpand/(C)ancel: e
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for 1.debug.le.pf.vc
tls-sni-01 challenge for 2.debug.le.pf.vc
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/1.debug.le.pf.vc/fullchain.pem. Your cert
   will expire on 2017-04-13. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"

root<strong i="10">@debug</strong>:~# openssl x509 -text -noout -in /etc/letsencrypt/live/1.debug.le.pf.vc/cert.pem | grep DNS
                DNS:1.debug.le.pf.vc, DNS:2.debug.le.pf.vc

원본 보고서 :
https://community.letsencrypt.org/t/expands-not-working-on-pre-existing-cert-requests/25605?u=pfg
https://community.letsencrypt.org/t/workaround-for-5-domain-limit/25651?u=pfg

bug

출처