setup-cerbot: Allow issuing certificates for multiple domains.

This commit allows specifying Subject Alternative Names to issue certs
for multiple domains using certbot. The first name passed to certbot-auto
becomes the common name for the certificate; common name and the other
names are then added to the SAN field. All of these arguments are now
positional. Also read the following for the certbot syntax reference:

https://community.letsencrypt.org/t/how-to-specify-subject-name-on-san/

Fixes #10674.
Rohitt Vashishtha
2018-10-20 08:11:46 +00:00
committed by Tim Abbott
parent 11ffd6b370
commit 95ba947f13
3 changed files with 19 additions and 11 deletions


@@ -4,7 +4,8 @@ set -e
usage() {
cat <<EOF >&2
Usage: $0 --hostname=zulip.example.com --email=admin@example.com [--method={webroot|standalone}] [--no-zulip-conf]
Usage: $0 --email=admin@example.com [--method={webroot|standalone}] \
[--no-zulip-conf] hostname.example.com [another.example.com]
EOF
exit 1
}
@@ -15,15 +16,10 @@ if [ "$EUID" -ne 0 ]; then
fi
method=webroot
args="$(getopt -o '' --long help,hostname:,email:,method:,deploy-hook:,no-zulip-conf,agree-tos -n "$0" -- "$@")"
args="$(getopt -o '' --long help,email:,method:,deploy-hook:,no-zulip-conf,agree-tos -n "$0" -- "$@")"
eval "set -- $args"
while true; do
case "$1" in
--hostname)
DOMAIN="$2"
shift
shift
;;
--email)
EMAIL="$2"
shift
@@ -52,11 +48,19 @@ while true; do
shift
;;
--)
shift
break
;;
esac
done
# Parse the remaining arguments as Subject Alternative Names to pass to certbot
HOSTNAMES=()
for arg; do
HOSTNAMES+=(-d "$arg")
done
DOMAIN=$1
if [ -n "$show_help" ]; then
usage
fi
@@ -94,7 +98,7 @@ chmod a+x "$CERTBOT_PATH"
# Passing --force-interactive suppresses a warning, but also brings up
# an annoying prompt we stifle with --no-eff-email.
"$CERTBOT_PATH" certonly "${method_args[@]}" \
-d "$DOMAIN" -m "$EMAIL" \
"${HOSTNAMES[@]}" -m "$EMAIL" \
$agree_tos --force-renewal \
"${deploy_hook[@]}" \
--force-interactive --no-eff-email
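Review bot: The new positional-argument block (`HOSTNAMES=()` through `DOMAIN=$1`) never checks that at least one hostname was given, or that each argument looks like a DNS name, before it is handed to certbot; the `$EUID` test in the second hunk header suggests the script runs as root. With no positional arguments `HOSTNAMES` stays empty and `DOMAIN` is empty, so unless a `-z "$DOMAIN"` test exists outside the hunks shown, certbot is invoked with no `-d` at all. I would add `[ "$#" -ge 1 ] || usage` before the `for arg` loop and reject any argument that starts with `-` or contains characters outside `[A-Za-z0-9.*-]`. A comment on `DOMAIN=$1` such as `# First name is the primary one; it becomes the certificate's common name` would also help, since the removed `--hostname` flag no longer signals that role.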