How can I get multiple certificates for different services? about nginx-le HOT 4 CLOSED

I suspect smth is incorrect with you LE_FQDN or other settings, or your other domains not resolved to the host running nginx-le

Can you show your compose pls?

from nginx-le.

Thanks for reply.
My compose:

version: '2'
services:

nginx:
    build: .
    image: umputun/nginx-le:latest
    hostname: nginx
    restart: always
    container_name: nginx

    logging:
      driver: json-file
      options:
          max-size: "10m"
          max-file: "5"

    volumes:
        - ./etc/ssl:/etc/nginx/ssl
        - ./etc/service-example.conf:/etc/nginx/service.conf
        - ./etc/service-example-2.conf:/etc/nginx/service2.conf # more services, should be service*.conf
    ports:
        - "80:80"
        - "443:443"

    environment:
        - TZ=America/Chicago
        - LETSENCRYPT=true
        - [email protected]
        - LE_FQDN=d3.userdashboard.ru,who2.userdashboard.ru
        #- SSL_CERT=le-crt.pem
        #- SSL_KEY=le-key.pem
        #- SSL_CHAIN_CERT=le-chain-crt.pem

networks:
default:
external:
name: ovl

Let's Encrypt log:

trying to update letsencrypt ...
nginx | letsencrypt certificate will expire soon or missing, renewing...
nginx | Saving debug log to /var/log/letsencrypt/letsencrypt.log
nginx | Plugins selected: Authenticator webroot, Installer None
nginx | Obtaining a new certificate
nginx | Performing the following challenges:
nginx | http-01 challenge for d3.userdashboard.ru
nginx | http-01 challenge for who2.userdashboard.ru
nginx | Using the webroot path /usr/share/nginx/html for all unmatched domains.
nginx | Waiting for verification...
nginx | 3.120.130.29 - - [30/Apr/2021:11:41:02 -0500] "GET /.well-known/acme-challenge/xwwufdD3sX3s7O9WZusRXsXR5mAMCro91s0cujKX7Wo HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx | 18.184.114.154 - - [30/Apr/2021:11:41:02 -0500] "GET /.well-known/acme-challenge/7xi0xxT57badOeHtY3g29-_dxMDGaCL6I44REzuT4aY HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx | 34.221.255.206 - - [30/Apr/2021:11:41:03 -0500] "GET /.well-known/acme-challenge/xwwufdD3sX3s7O9WZusRXsXR5mAMCro91s0cujKX7Wo HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx | 64.78.149.164 - - [30/Apr/2021:11:41:03 -0500] "GET /.well-known/acme-challenge/xwwufdD3sX3s7O9WZusRXsXR5mAMCro91s0cujKX7Wo HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx | 3.19.56.43 - - [30/Apr/2021:11:41:03 -0500] "GET /.well-known/acme-challenge/xwwufdD3sX3s7O9WZusRXsXR5mAMCro91s0cujKX7Wo HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx | 64.78.149.164 - - [30/Apr/2021:11:41:03 -0500] "GET /.well-known/acme-challenge/7xi0xxT57badOeHtY3g29-_dxMDGaCL6I44REzuT4aY HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx | 34.221.255.206 - - [30/Apr/2021:11:41:03 -0500] "GET /.well-known/acme-challenge/7xi0xxT57badOeHtY3g29-_dxMDGaCL6I44REzuT4aY HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx | 3.142.122.14 - - [30/Apr/2021:11:41:03 -0500] "GET /.well-known/acme-challenge/7xi0xxT57badOeHtY3g29-_dxMDGaCL6I44REzuT4aY HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx | Cleaning up challenges
nginx | IMPORTANT NOTES:
nginx | - Congratulations! Your certificate and chain have been saved at:
nginx | /etc/letsencrypt/live/d3.userdashboard.ru/fullchain.pem
nginx | Your key file has been saved at:
nginx | /etc/letsencrypt/live/d3.userdashboard.ru/privkey.pem
nginx | Your cert will expire on 2021-07-29. To obtain a new or tweaked
nginx | version of this certificate in the future, simply run certbot
nginx | again. To non-interactively renew all of your certificates, run
nginx | "certbot renew"
nginx | - Your account credentials have been saved in your Certbot
nginx | configuration directory at /etc/letsencrypt. You should make a
nginx | secure backup of this folder now. This configuration directory will
nginx | also contain certificates and private keys obtained by Certbot so
nginx | making regular backups of this folder is ideal.
nginx | - If you like Certbot, please consider supporting our work by:
nginx |
nginx | Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
nginx | Donating to EFF: https://eff.org/donate-le
nginx |
nginx | '/etc/letsencrypt/live/d3.userdashboard.ru/privkey.pem' -> '/etc/nginx/ssl/le-key.pem'
nginx | '/etc/letsencrypt/live/d3.userdashboard.ru/fullchain.pem' -> '/etc/nginx/ssl/le-crt.pem'
nginx | '/etc/letsencrypt/live/d3.userdashboard.ru/chain.pem' -> '/etc/nginx/ssl/le-chain-crt.pem'
nginx | '/etc/nginx/conf.d.disabled' -> '/etc/nginx/conf.d'
nginx | reload nginx with ssl
nginx | 2021/04/30 11:41:07 [notice] 34#34: signal process started

from nginx-le.

ii don't see any problem with the issued certificate, it's correctly listing both subdomains

from nginx-le.

It's my mistake, i suppose. I thought, that different services can have different certs for each, and SAN only for one service in different mirror domens running. Great thanks for quick reply!

from nginx-le.