How to not generate certificates for some domains in nginx certbot?
Hello, can you please tell me if it is possible to cancel the generation of certificates on some domains?
There is a configured vhost file, in crontab I have the following command to generate Letsencrypt certificates:
10 0 * * 1 /usr/bin/certbot renew --force-renewal >> /home/user/le-renew.log
So, on one of the sites I don't want to generate certificates any more; the service should be available only on port 80. Can I somehow remove one of the domains from the list of generated certificates?
Just delete the domain config file from /etc/letsencrypt/renewal. Or, if there is only one file, delete the line of the unnecessary domain.
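To see which of the two cases in the answer above applies before changing anything, this added example (not part of the answer and not certbot's own code) reads the renewal files and prints, without running it, the certbot command for each lineage that covers a domain. It assumes the lineages use the webroot authenticator, whose renewal files list domains as `domain = path` under `[[webroot_map]]`; the function names and the `.example` domains are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan how to stop renewing one domain; nothing is modified.
# Assumption: webroot authenticator, so each renewal file lists its domains
# as "domain = path" lines under a [[webroot_map]] section.

# Print the domains listed in the [[webroot_map]] section of one renewal file.
lineage_domains() {
    awk '
        /^[ \t]*\[\[webroot_map\]\]/ { in_map = 1; next }
        /^[ \t]*\[/                  { in_map = 0 }
        in_map && /=/ {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[1])
            if (kv[1] != "" && kv[1] !~ /^#/) print kv[1]
        }
    ' "$1"
}

# Print one suggested command per lineage that covers DOMAIN.
# Usage: plan_removal DOMAIN [RENEWAL_DIR]
plan_removal() {
    domain=$1
    dir=${2:-/etc/letsencrypt/renewal}
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        name=$(basename "$conf" .conf)
        all=$(lineage_domains "$conf")
        # Whole-line match so "shop.example" does not hit "www.shop.example".
        printf '%s\n' "$all" | grep -Fxq -- "$domain" || continue
        rest=$(printf '%s\n' "$all" | awk -v d="$domain" '$0 != d' | paste -sd, -)
        if [ -z "$rest" ]; then
            # Only domain in the lineage: drop the whole certificate.
            echo "certbot delete --cert-name $name"
        else
            # Other domains remain: reissue the lineage without this one.
            echo "certbot certonly --cert-name $name -d $rest"
        fi
    done
}

# Constructed sample lineage, so the script runs without touching /etc/letsencrypt.
demo=$(mktemp -d)
printf '%s\n' '[renewalparams]' 'authenticator = webroot' '[[webroot_map]]' \
    'shop.example = /var/www/shop' 'www.shop.example = /var/www/shop' \
    > "$demo/shop.example.conf"
plan_removal www.shop.example "$demo"
rm -rf "$demo"
```

After the certificate is deleted or reissued, the nginx server block for the removed domain must no longer reference the old certificate files, or the configuration test will fail on reload.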
No, it's technically not possible; it's a matter of technology and the mutual exclusion of crutches.
Because according to the TCP/IP RFCs, one daemon can have either a unique IP or a port for identification on the network.
You must have a unique white IP for each site, since you cannot change the port, and of course you will not have enough of these IPs. Because of this, a crutch was made that allows you to keep any number of sites on the same port and IP.
The mechanism of this crutch: the web server asks your browser for httprefer, parses the host string in it, and on the basis of this host substitutes the desired site config.
BUT with https, this cannot happen.
Why? Answer the question: will you first receive data over the channel, or require keys from the channel?
Correct, the keys; and in order to find out which config to substitute, you need to receive data via this channel.
In general, the web server cannot physically determine which site you are breaking into until it receives the keys.
The port is open and it listens, so you won't be able to block anything here either.
What to do:
1. Issue the keys.
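2.
server {
    listen 443 ssl;
    server_name 1nnm.ru www.1nnm.ru www.dosug-org.ru dosug-org.ru;
    # Self-signed "snakeoil" certificate, used only so the TLS handshake can complete
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    root /var/www/html;
    # 444 is nginx-specific: close the connection without sending a response
    return 444;
}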