Protect Up to 250 Different Domains & Subdomains on Multiple Servers with Single Cert

Comments

• hackerman Member

  February 7

  Using one single cert for 250 domains across multiple servers is a pretty foolish thing to do.
• JosephF Member

  February 7

  @remy said:

  @meditatingsurgeon said:

  @shruub said: Heya, not sure if you use it already, but does this basically mean that you have two wildcard domain certs for 15$? (in very simple terms)

  hi @shruub - no checked it out - what I need is a subdomain wildcard cert i.e.
  *.subdomain.example.com
  Can't seem to find such a thing...

  You can do that with letsencrypt.

  Why can't Let's Encrypt issue certs for longer than three months?
• kevinds Member, LIR

  February 7

  @JosephF said:
  Why can't Let's Encrypt issue certs for longer than three months?

  They could, they chose not to, to encourage automation.
• JosephF Member

  February 7

  @kevinds said:

  @JosephF said:
  Why can't Let's Encrypt issue certs for longer than three months?

  They could, they chose not to, to encourage automation.

  Can the automation renew the certs indefinitely, without requiring any human intervention or attention?
• JosephF Member

  February 7

  @hackerman said:
  Using one single cert for 250 domains across multiple servers is a pretty foolish thing to do.

  Why?
• kevinds Member, LIR

  February 7 edited February 7

  @JosephF said:
  Can the automation renew the certs indefinitely, without requiring any human intervention or attention?

  Yes.. Might need to be adjusted now and then, as all systems do, but generally, yes..

  I have a script that updates the certificates on my routers every ~60 days (30 days before expiry) for my SSTP servers, plus anything else they want TLS for, but SSTP is the real reason.. I haven't touched it in three years now (2021-06), other than to deploy it on another router. That is just copy&paste and setting the FDQN to be used. The first one hasn't changed.

  The hard part is setting it up in the first place, many systems have walkthroughs for them.

  Thanked by 1JosephF
• karanchoo Member

  February 7

  I just bought WildCard SSL for 5 years from Namecheap for 200$ for 1 domain.

  maybe my issue . but lets encrypt don't work on some of the old devices , some old android phone and windows 7 , Sp1 and Sp2 ( yeh some people still use)

  By work mean , the SSL don't load on old browser and throw invalid certificate error.

  @ehhthing said: With Let's Encrypt, ZeroSSL, Buypass and Google Trust Services all in the ACME market does anyone these days still pay for SSL certs?

  Like I get that for enterprise use, longer lasting certs are better but I feel like if you're starting a business nowadays you almost certainly can just use ACME like a normal person
• kevinds Member, LIR

  February 7

  @karanchoo said:
  By work mean , the SSL don't load on old browser and throw invalid certificate error.

  Update your root certificates, it will work.

  Also, SSL is long dead.. TLS replaced it.
• Dikswarna Member

  February 14

  @JosephF said:

  @nitubisht said:
  Multi-Domain Wildcard SSL Certificate allows to secure of multiple domains (or subdomains) with a single certificate and also includes the ability to secure an unlimited number of subdomains for each of those domains. you can get a Multi Domain Wildcard SSL Certificate at just $15 per year. https://www.ssl2buy.com/multi-domain-wildcard-ssl

  Why not simply use a free cert like Let's Encrypt for each domain?

  Using a free certificate may not be the most suitable approach as you will find difficulty in renewal. In free certificates, certificate renewal can become challenging when managing a larger number of domains and subdomains with individual certificates or a single certificate covering multiple domains and subdomains. On the other hand, paid certificates from commercial CAs often provide easy renewal with better support options and warranties.