acme-companion
multi-domain (SAN) certificates issue
Hello!
I'm trying to migrate our staging from wildcard to LE.
After the initial setup I received an error with LE rate limits (there are nearly 50 sub-domains in use for now).
For example
https://nodeart.stage.nodeart.io or https://client.2canoes.stage.nodeart.io
To fix that issue I tried to use a Multi Domain setup, by rewriting the LE hosts in docker-compose:
LETSENCRYPT_HOST: stage.nodeart.io, client.2canoes.stage.nodeart.io
and
LETSENCRYPT_HOST: stage.nodeart.io, nodeart.stage.nodeart.io
but now all hosts are served with one root certificate.
In logs I see: http://take.ms/PoK2T
It looks like subdomain requests are requested to be served from the parent domain. Could it be a mistake?
Try again after removing the space characters:
LETSENCRYPT_HOST: stage.nodeart.io,client.2canoes.stage.nodeart.io
Tried, but no result. Probably will leave it for a week.
Having the same issue here.
According to the logs, certificates are not grouped into one. I mean, on crt.sh I see that certificates are not merged into one for different vhosts. https://crt.sh/?id=111742747 https://crt.sh/?id=113215695 https://crt.sh/?id=111730519 They are all issued as separate pairs, and it reaches the LE limit very fast. Currently SAN works only in one vhost, not merging requests from different hosts.
SAN indeed works only by discrete container, there is currently no alternative names merging logic across containers. The idea is interesting but I doubt it will be feasible any time soon.
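The per-container behaviour described in the last reply, modelled as an added example (not acme-companion code and not part of the thread): each container's LETSENCRYPT_HOST becomes its own certificate request, so the count of issuances follows the number of containers, not the number of unique names. The container names are hypothetical, and trimming spaces around names is this model's choice rather than a statement about the companion's own parsing.

```python
from collections import Counter

# Constructed input: container names are hypothetical; the values are the two
# LETSENCRYPT_HOST settings quoted in the first post.
CONTAINERS = {
    "client-2canoes": "stage.nodeart.io, client.2canoes.stage.nodeart.io",
    "nodeart": "stage.nodeart.io, nodeart.stage.nodeart.io",
}

def parse_hosts(value):
    """Split a LETSENCRYPT_HOST value on commas; trim spaces, drop empties.
    Normalisation is this model's choice, not a claim about the companion."""
    return [h.strip().lower() for h in value.split(",") if h.strip()]

def planned_certificates(containers):
    """One SAN set per container, never merged across containers."""
    return {name: hosts for name, value in containers.items()
            if (hosts := parse_hosts(value))}

def certs_under(certs, parent):
    """Number of certificates carrying at least one name at or below parent."""
    suffix = "." + parent
    return sum(any(h == parent or h.endswith(suffix) for h in hosts)
               for hosts in certs.values())

def repeated_names(certs):
    """Names that appear in more than one container's certificate."""
    counts = Counter(h for hosts in certs.values() for h in set(hosts))
    return sorted(h for h, n in counts.items() if n > 1)

def report(containers, parent):
    """Summarise issuances counted against parent versus unique names covered."""
    certs = planned_certificates(containers)
    unique = {h for hosts in certs.values() for h in hosts}
    return {"certificates": certs_under(certs, parent),
            "unique_names": len(unique),
            "repeated_names": repeated_names(certs)}

if __name__ == "__main__":
    for name, hosts in planned_certificates(CONTAINERS).items():
        print(f"{name}: 1 certificate, SAN = {hosts}")
    print(report(CONTAINERS, "nodeart.io"))
```

Feeding it the LETSENCRYPT_HOST value of every container in a compose file shows how many separate issuances a deployment will request against one parent domain before it is started.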