Support for multiple certificate names in CERT_NAME


It would be nice if we could set multiple certificate names in CERT_NAME, like we do with VIRTUAL_HOST, separated by commas.

I have the following case: We use two different domains for the same application and we got one wildcard certificate per domain. Example:

Domain 1: foo.bar.com
Domain 2: foo.bar.net
Certificate 1: wildcard.bar.com.crt
Certificate 2: wildcard.bar.net.crt

In our docker-compose.yml I would like to use it this way:

version: '3.7'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy:alpine
    container_name: nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /etc/ssl/certs:/etc/nginx/certs
    network_mode: bridge

  grafana:
    image: grafana/grafana
    container_name: grafana
    environment:
      VIRTUAL_HOST: grafana.bar.com,grafana.bar.net
      CERT_NAME: wildcard.bar.com,wildcard.bar.net
    ports:
     - 3000:3000
    network_mode: bridge

We have a lot of different applications with different docker-compose files; this is the reason why I don’t want to copy & paste or create symlinks for each new domain we get.

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 6

Top GitHub Comments

4 reactions
mrybak-ng commented, Dec 18, 2019

I have solved this by storing wildcard SSL certificates like:

domain.com.crt
domain.com.key
staging.domain.crt
staging.domain.key

and pointing symlinks

*.domain.com.crt -> domain.com.crt
*.domain.com.key -> domain.com.key
*.staging.domain.crt -> staging.domain.crt
*.staging.domain.key -> staging.domain.key

this can be done as:

ln -sf domain.com.crt '*.domain.com.crt'
ln -sf domain.com.key '*.domain.com.key'

and completely removing CERT_NAME env

1 reaction
lucasmdrs commented, Jul 29, 2019

Actually, if you keep the wildcards files in the certs directory, like this:

bar.net.crt
bar.net.key
bar.com.crt
bar.com.key

You don’t need to specify the CERT_NAME environment. It’ll look for those wildcard domain certificates based on the VIRTUAL_HOST URLs.
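
The file-name lookup described in the two comments above can be checked before deployment. This is an added example, not part of the original thread and not nginx-proxy's own code; the lookup order (exact host, then `*.parent`, then `parent`) and the function names `resolve_cert` and `check_hosts` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not nginx-proxy code. Assumed lookup order (from the comments
# above): exact host, then '*.parent', then 'parent' as the file base name.

# resolve_cert DIR HOST: print the base name of the first complete .crt/.key
# pair for HOST; return 1 when there is none.
resolve_cert() {
    rc_dir=$1
    rc_parent=${2#*.}                 # host with its leftmost label dropped
    for rc_base in "$2" "*.$rc_parent" "$rc_parent"; do
        # Quoted, so '*' is a literal character of the file name, not a glob.
        if [ -f "$rc_dir/$rc_base.crt" ] && [ -f "$rc_dir/$rc_base.key" ]; then
            printf '%s\n' "$rc_base"
            return 0
        fi
    done
    return 1
}

# check_hosts DIR LIST: LIST is a comma-separated VIRTUAL_HOST value. Prints one
# line per host, sets $missing, and returns non-zero if any host has no pair.
check_hosts() {
    certs=$1
    missing=0
    old_ifs=$IFS; IFS=,; set -f       # split on commas, no glob expansion
    set -- $2
    set +f; IFS=$old_ifs
    for host in "$@"; do
        host=$(printf '%s' "$host" | tr -d ' ')
        if base=$(resolve_cert "$certs" "$host"); then
            printf 'ok       %s -> %s.crt\n' "$host" "$base"
        else
            printf 'MISSING  %s (no complete .crt/.key pair)\n' "$host"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Constructed sample: empty files laid out as in the two comments, plus a
# bar.com.crt whose key is absent.
demo=$(mktemp -d)
touch "$demo/bar.net.crt" "$demo/bar.net.key" "$demo/bar.com.crt" \
      "$demo/domain.com.crt" "$demo/domain.com.key"
ln -sf domain.com.crt "$demo/*.domain.com.crt"
ln -sf domain.com.key "$demo/*.domain.com.key"
check_hosts "$demo" 'grafana.bar.com, grafana.bar.net, app.domain.com' \
    || echo "$missing host(s) without a complete pair"
rm -rf "$demo"
```

A name match only shows that a pair exists; whether the certificate's names actually cover the host still has to be checked against the certificate itself.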
