On Tue, 2020/12/01 08:16:49AM +0200, ac via talk <talk@gtalug.org> wrote:
| > I have three domains and a small but invariant number of subdomains
| > that I want to encrypt - should I try to pull them all under one SSL
| > cert, or do one for each domain, or one for every subdomain? I don't
| > need a wildcard, but I would like something relatively painless if
| > possible.
|
| yes, in your case, and for painless and easy, just use the domain name
| and one cert. so, instead of mail.example.com and www.example.com
| - just use example.com.

I think that might cause client complaints in some cases.

I think letsencrypt now provides wildcard certifications, but you can
use multiple -d options when creating or updating a certificate, e.g.

    certbot certonly \
        --non-interactive \
        --expand \
        --webroot \
        -w /var/www/html/letsencrypt \
        --cert-name www.example.com \
        -d example.com \
        -d mail.example.com \
        -d blog.example.com

And then the one certificate is valid for all those names.

Hope that helps - letsencrypt is really remarkably convenient.

John
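
Added example, not part of the original message: a POSIX shell check of which host names a certificate's SAN list covers, showing why a certificate for the bare domain alone draws client complaints on mail.example.com while the multi-name list from the certbot command does not. The function names (san_covers, uncovered, cert_sans) and the demo data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report which host names a certificate's SAN list leaves uncovered.

# san_covers HOST SAN... -> exit 0 if some SAN entry matches HOST.
# A wildcard entry matches exactly one left-most label and never the bare domain.
san_covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
    for san in "$@"; do
        san=$(printf '%s' "$san" | tr 'A-Z' 'a-z')
        case "$san" in
            '*.'*)
                suffix=${san#\*}                 # "*.example.com" -> ".example.com"
                case "$host" in
                    *"$suffix")
                        left=${host%"$suffix"}   # label(s) in front of the suffix
                        case "$left" in
                            ''|*.*) ;;           # nothing, or more than one label
                            *) return 0 ;;
                        esac ;;
                esac ;;
            *)
                if [ "$host" = "$san" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# uncovered "HOST1 HOST2 ..." SAN... -> print every host that no SAN entry covers.
uncovered() {
    hosts=$1; shift
    for h in $hosts; do
        san_covers "$h" "$@" || printf '%s\n' "$h"
    done
}

# cert_sans FILE -> DNS names in a PEM certificate, one per line (OpenSSL 1.1.1+).
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Constructed demo: the names from the certbot command against three SAN lists.
services="example.com mail.example.com blog.example.com"
uncovered "$services" example.com                                     # bare-domain cert
uncovered "$services" example.com mail.example.com blog.example.com   # the -d list
uncovered "$services" '*.example.com'                                 # wildcard only
```

To check an issued certificate instead of a constructed list, pass `$(cert_sans /path/to/cert.pem)` as the SAN arguments to `uncovered`.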