Mathieu K.

Reputation: 933

Generate SSL certificates for multiple domains in SubjectAltName with Greenlock

I'm using greenlock to generate certificates, I pass it three domains, and only get 2 in my altnames:

const Greenlock = require('greenlock');

// Placeholder values: the original snippet referenced `myemail` and `domains`
// without showing where they were defined. The three names are the ones from the logs below.
const myemail = 'admin@example.com';
const domains = ['domain1', 'domain3', 'domain2'];

function issueCertificate() {
  const greenlock = Greenlock.create({
    agreeTos: true,
    email: myemail,
    communityMember: false,
    version: 'draft-12',
    server: 'https://acme-v02.api.letsencrypt.org/directory',
    configDir: '/etc/letsencrypt',
    debug: true,
    log: (debug) => { console.log(debug) },
  });
  console.log({ domains });
  return greenlock.register({
    domains,
    email: myemail,
    challengeType: 'dns-01',
  })
  .then((result) => {
    console.log(result);
  });
}

Here are my logs:

{ domains:
 [ 'domain1',
   'domain3',
   'domain2' ] }
true
true
true
{ result:
{ 
  privkey: '-----BEGIN PRIVATE KEY-----\n\n-----END CERTIFICATE-----\n',    
  chain:  '-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n',
  subject: 'domain2',
  altnames: [ 'domain1', 'domain2' ],
  _issuedAt: 2018-09-19T14:43:31.000Z,
  _expiresAt: 2018-12-18T14:43:31.000Z,
  issuedAt: 1537368211000,
  expiresAt: 1545144211000 } }

As you can see, it's not even my first two domains that end up in my altnames but rather those that were already in the old certificate (not sure this is why, though).

I'm not married to greenlock; if someone has a better alternative I'm listening as well.

I tried passing approveDomains to my greenlock constructor and it doesn't seem to change much. I still don't have my new domain (domain2) listed in my certificate:

openssl x509 -text < /etc/letsencrypt/live/domain1/fullchain.pem  | grep 'DNS:' | sed 's/\s*DNS:\([a-z0-9.\-]*\)[,\s]\?/\1 /g'

domain1 domain3

Upvotes: 1

Views: 565

Answers (1)

coolaj86

Reputation: 77122

Use Greenlock v2.7+

All of the code related to certificate generation and domain name and altname association has been updated.

Now when you change the domains array to include more domains it handles them individually rather than as a group.

Also, the information about the certificate is read directly from the certificate, so there can't be a mismatch between the "cache" and "the truth".

If you encounter further issues, please let us know directly:

Upvotes: 2
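The answer's point is that the only reliable record of which names a certificate covers is the certificate itself, not the client's cache. The following shell script is an added example written for this page, not code from the question or from the Greenlock project. It extends the openssl/sed one-liner in the question into a reusable check: it reads the DNS SANs straight out of a PEM file and reports any requested name that is absent, which is the test to run before deploying a freshly issued certificate. To stay runnable offline it builds its own throw-away self-signed certificates with openssl (constructed test data, not Let's Encrypt output); the domain names are the placeholders from the question, and `make_cert`, `san_list` and `missing_sans` are names chosen here. It assumes OpenSSL 1.1.1 or later for `-addext`.

```shell
#!/bin/sh
# Added example: verify the SANs actually present in a certificate against the
# list of names that was requested. Not part of the original question or of Greenlock.
set -eu

# make_cert OUT.pem CN NAME... : write a throw-away self-signed certificate whose
# subjectAltName lists NAME... (constructed test data standing in for an issued cert).
make_cert() {
  out=$1; cn=$2; shift 2
  sans=$(printf 'DNS:%s,' "$@" | sed 's/,$//')
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "${out%.pem}.key" -out "$out" \
    -subj "/CN=$cn" -addext "subjectAltName=$sans" >/dev/null 2>&1
}

# san_list CERT.pem : print the DNS SANs found in the certificate, one per line, sorted.
# Reads the parsed certificate text, so it reflects what was signed, not any cache.
san_list() {
  openssl x509 -in "$1" -noout -text \
    | grep -o 'DNS:[^, ]*' \
    | sed 's/^DNS://' \
    | sort
}

# missing_sans CERT.pem NAME... : print every requested NAME the certificate does not
# cover and return 1 if there is at least one; return 0 when all names are present.
missing_sans() {
  cert=$1; shift
  have=$(san_list "$cert")
  status=0
  for want in "$@"; do
    if ! printf '%s\n' "$have" | grep -qx "$want"; then
      echo "$want"
      status=1
    fi
  done
  return $status
}

main() {
  dir=$(mktemp -d)
  trap 'rm -rf "$dir"' EXIT

  # A certificate that covers all three names from the question.
  make_cert "$dir/good.pem" domain2 domain1 domain2 domain3
  echo "SANs in good.pem: $(san_list "$dir/good.pem" | tr '\n' ' ')"

  # A certificate like the one the question ended up with: domain2 never made it in.
  make_cert "$dir/bad.pem" domain1 domain1 domain3
  if missing_sans "$dir/bad.pem" domain1 domain2 domain3; then
    echo "bad.pem covers every requested name"
  else
    echo "bad.pem is missing the name(s) above; do not deploy it"
  fi
}

main "$@"
```

In practice you would run `missing_sans /etc/letsencrypt/live/<site>/fullchain.pem name1 name2 ...` after each renewal (for a chain file, `openssl x509` reads only the first certificate, which is the leaf, so the SAN list is the one that matters) and treat a non-zero exit as a failed issuance rather than trusting the altnames field the client reports.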
