Acme.sh: Issue certificate for multiple subdomains with different webroots

Created on 3 Jul 2017 · 7Comments · Source: acmesh-official/acme.sh

Consider an issue command below:

acme.sh --issue -d example.com -w /home/dir1 -d sub1.example.com -d www.example.com -d sub2.example.com -w /home/dir2

I expected that acme.sh writes to "/home/dir1" directory when verifying domains example.com, sub1.example.com, and www.example.com BUT switch to "/home/dir2" for sub2.example.com. However, examining the debug log shows that it always uses the last webroot directory for all domains, that is, acme.sh writes to "/home/dir2" even for sub1.example.com.

Question is, how do I issue a single certificate for multiple subdomains with different webroot?

Source

ghost

Most helpful comment

If you want to use different webroot for each sub domain, you MUST specify webroot for EACH domain.

acme.sh --issue  -d example.com   -w /home/dir0 \
  -d sub1.example.com  -w /home/dir1 \ 
 -d sub2.example.com  -w /home/dir2

if you want to share the webroot folder , the domains must be at the ending.

acme.sh  --issue  \
  -d example.com           -w /home/dir0 \
  -d sub1.example.com  -w /home/dir1 \
  -d sub2.example.com  -w  /home/shared_dir \
  -d sub3.example.com  \
  -d sub4.example.com

example.com will use dir0

sub1.example.com will use dir1

all the left domains sub2 , sub3 and sub4 will share the same folder: shared_dir

Neilpang on 3 Jul 2017

👍4 ❤1

All 7 comments

If you want to use different webroot for each sub domain, you MUST specify webroot for EACH domain.

acme.sh --issue  -d example.com   -w /home/dir0 \
  -d sub1.example.com  -w /home/dir1 \ 
 -d sub2.example.com  -w /home/dir2

if you want to share the webroot folder , the domains must be at the ending.

acme.sh  --issue  \
  -d example.com           -w /home/dir0 \
  -d sub1.example.com  -w /home/dir1 \
  -d sub2.example.com  -w  /home/shared_dir \
  -d sub3.example.com  \
  -d sub4.example.com

example.com will use dir0

sub1.example.com will use dir1

all the left domains sub2 , sub3 and sub4 will share the same folder: shared_dir

Neilpang on 3 Jul 2017

👍4 ❤1

Thanks, though it wasn't so obvious :)

Just a little note: After issuing my cert and the cron already in place, I wanted to set a renew-hook command to reload the new cert from disk after renewals but couldn't find a way to do so. After looking around, I manually edited the "/root/.acme.sh/{domain}/{domain}.conf" file and set the "Le_RenewHook" key. Is this alright or could there have been a better way to do so?

ghost on 3 Jul 2017

Yes, it's right, but not recommended.

you can use --install-cert command, with --renew-hook

Or you can also use --issue command

Neilpang on 3 Jul 2017

Thanks man. Closing now.

ghost on 3 Jul 2017

Using --renew-hook with --install-cert after a certificate is issued does not set the "Le_RenewHook" key in "{domain}.conf" ??

ghost on 3 Jul 2017

sorry, please use --issue instead.

Neilpang on 4 Jul 2017

If you want to use different webroot for each sub domain, you MUST specify webroot for EACH domain.
acme.sh --issue  -d example.com   -w /home/dir0 \
  -d sub1.example.com  -w /home/dir1 \ 
 -d sub2.example.com  -w /home/dir2
if you want to share the webroot folder , the domains must be at the ending.
acme.sh  --issue  \
  -d example.com           -w /home/dir0 \
  -d sub1.example.com  -w /home/dir1 \
  -d sub2.example.com  -w  /home/shared_dir \
  -d sub3.example.com  \
  -d sub4.example.com   
example.com will use dir0

sub1.example.com will use dir1

all the left domains sub2 , sub3 and sub4 will share the same folder: shared_dir