From: "Paul Smedley" <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTP id 11330747 for ecs-isp@2rosenthals.com; Sat, 07 Dec 2024 23:16:40 -0500
Received: from [192.168.200.201] (port=50276 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtp (Exim 4.97.1)
	(envelope-from <paul@smedley.id.au>)
	id 1tK8ic-000000003Ok-1NHa
	for ecs-isp@2rosenthals.com;
	Sat, 07 Dec 2024 23:16:31 -0500
Received: from vps.smedley.id.au ([142.171.106.2]:44396)
	by mail2.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.97.1)
	(envelope-from <paul@smedley.id.au>)
	id 1tK8iY-000000003Zv-0SbG
	for ecs-isp@2rosenthals.com;
	Sat, 07 Dec 2024 23:16:26 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=smedley.id.au;
	s=default; t=1733631385;
	bh=GBNqpobtDqchxqTt0KApvNNTl9DRklEfTXreYGjs8GE=;
	h=Date:Subject:To:References:From:In-Reply-To:From;
	b=MuHNlSHYHfa+xInwXT+rxProe6AcVYVIf4ZXPGX8iFeYMqulrQdGehSS19eZ0PuW0
	 9jz/ebuz3F+WKrsLqFuKID1a/7Om6Yrog6br/kC4JLPICxkOKkINguRSAu9bhFYcpJ
	 NXXowhIoZIglhZPMU4CYaSxHhxyVMtU4vyc01Zgdapr+OAi1A4og8N4fsKxoDT5zut
	 mPIymebHU43bc1i1jLLLD2CjUeiEdgLb5mEQuenGzCudEdAbC0Udsx3wcSrTw/n3pg
	 PdekoGf8k+chwRPHhHD2yNEsA//Jdm+6zyIvB8gi5lkB5ktMYWSdRHTxwDVXrTycsb
	 jJh1pYrIkeSww==
Received: from [IPV6:2400:a848:4041:0:61a0:90cb:75cf:8d59] (unknown [IPv6:2400:a848:4041:0:61a0:90cb:75cf:8d59])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256)
	(No client certificate requested)
	by vps.smedley.id.au (Postfix) with ESMTPSA id E092720042
	for <ecs-isp@2rosenthals.com>; Sun,  8 Dec 2024 14:46:24 +1030 (ACDT)
Message-ID: <a2d41b27-101b-45a2-9f23-1aed22ee8ca1@smedley.id.au>
Date: Sun, 8 Dec 2024 14:46:19 +1030
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [eCS-ISP] Getting started with Let's Encrypt
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-11321264@2rosenthals.com> <list-11322461@2rosenthals.com>
 <list-11322996@2rosenthals.com> <list-11323402@2rosenthals.com>
 <list-11330007@2rosenthals.com>
Content-Language: en-US
In-Reply-To: <list-11330007@2rosenthals.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Hi Max,

On 7/12/24 19:42, Massimo S. wrote:
>
> there is a way with LE to create one certificate containing also 3rd 
> level domains e.g.
>
> mywebsite.it
> and
> www.mywebsite.it
>
> both with only one SSL cert.
>
No idea with uacme, but this can definitely be done with certbot. for eg 
I use a single certificate for vps.smedley.id.au and mail.smedley.id.au

Looks like this should be possible with uacme as well. Looking at: 
https://wasd.vsm.com.au/src/wucme/uacme1.pdf

uacme [OPTIONS …] issue DOMAIN [ALTNAME …] Issue a certificate for 
DOMAIN with zero or more ALTNAMEs. If a certificate is already available 
at CONFDIR/DOMAIN/cert.pem for the specified DOMAIN and ALTNAMEs, and is 
still valid for longer than DAYS, no action is taken unless -f, --force 
is specified. The new certificate is saved to CONFDIR/DOMAIN/cert.pem. 
If the certificate file already exists, it is hardlinked to 
CONFDIR/DOMAIN/cert-TIMESTAMP.pem before overwriting. The private key 
for the certificate is loaded from CONFDIR/private/DOMAIN/key.pem. If no 
such file exists, a new key is generated unless -n, --never-create is 
specified.