Multisite: generate ssl cerificate for more than 100 sites with Letsencrypt

code23-barna · June 29, 2020, 2:59pm

Hi,

I’ve got a trellis multisite setup, where there is only 1 site, but it hosts 103 sites.

When trellis tries to generate the ssl cerificates during the provisoning (trellis provision --tags letsencrypt production) it comes back with an error:
FAILED! => {"changed": false, "cmd": ["./renew-certs.py"] ... "Error creating new order :: Order cannot contain more than 100 DNS names"

With letsencrypt the limit is 100 domain names on a single certificate.

I wonder if anybody came across that, and maybe has a solution to split the cerificate to multiple cerificates in case the {{ site_hosts }} more than 100 sites?

I’m using Trellis 1.2.0 in this project. Wonder if version 1.3 or 1.4 would solve that problem?

swalkinshaw · June 29, 2020, 10:59pm

Congrats I guess? no one has ever reported this before so I assume you have the most domain names yet

No, there’s no updates related to this. As you said, it’s a Let’s Encrypt limit and a rare edge case so it would be complex for Trellis to support. If these are subdomains you could somehow use LE’s wildcard certs. Though Trellis doesn’t support that by default either but it might be easier for you to customize.

code23-barna · June 30, 2020, 8:32am

Hey, thanks! I wish we could avoid that large multisite setup!

Unfortunately these aren’t subdomains, these are all individual domain names, so wildcard is not a option.

It looks like the only option is the manual cert?

system · August 10, 2020, 2:59pm

This topic was automatically closed after 42 days. New replies are no longer allowed.