
One certificate to rule them all, and in LetsEncrypt bind them

Guilhem Saurel il y a 7 ans
Parent
commit
b7480c8a01
4 fichiers modifiés avec 14 ajouts et 15 suppressions
  1. 2 3
      README.md
  2. 4 4
      cloud/nginx.conf
  3. 4 4
      git/nginx.conf
  4. 4 4
      pad/nginx.conf

+ 2 - 3
README.md

@@ -39,7 +39,8 @@ cd docker-atelier
 
 cp nginx.conf /etc/nginx
 systemctl restart nginx
-certbot certonly --email $MAIL --webroot -w /srv/letsencrypt/ --agree-tos -d $DOMAIN,www.$DOMAIN
+certbot certonly --email $MAIL --webroot -w /srv/letsencrypt/ --agree-tos -d  $(echo {,www.}{,pad.,git.,cloud.}$DOMAIN|tr ' ' ',')
+
 ```
 
 Say No
@@ -58,8 +59,6 @@ for service in pad git cloud frontal
 do
     pushd $service
     ln -s $PWD/nginx.conf /etc/nginx/sites-enabled/$service
-    export MAIL=services+$service@$DOMAIN
-    [[ $service != frontal ]] && certbot certonly --email $MAIL --webroot -w /srv/letsencrypt/ --agree-tos -d $service.$DOMAIN,www.$service.$DOMAIN
     docker-compose up -d
     popd
 done

+ 4 - 4
cloud/nginx.conf

@@ -10,8 +10,8 @@ server {
     listen [::]:443 ssl http2;
     server_name www.cloud.oxyta.net;
 
-    ssl_certificate     /etc/letsencrypt/live/cloud.oxyta.net/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/cloud.oxyta.net/privkey.pem;
+    ssl_certificate     /etc/letsencrypt/live/oxyta.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/oxyta.net/privkey.pem;
 
     return 301 https://cloud.oxyta.net$request_uri;
 }
@@ -21,8 +21,8 @@ server {
     listen [::]:443 ssl http2;
     server_name cloud.oxyta.net;
 
-    ssl_certificate     /etc/letsencrypt/live/cloud.oxyta.net/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/cloud.oxyta.net/privkey.pem;
+    ssl_certificate     /etc/letsencrypt/live/oxyta.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/oxyta.net/privkey.pem;
 
     access_log  /var/log/nginx/cloud.log;
     error_log  /var/log/nginx/cloud.err;
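Review bot: Both server blocks in this file (each starts above its hunk, and the second continues past it) now load `ssl_certificate` and `ssl_certificate_key` from `/etc/letsencrypt/live/oxyta.net/`, a directory name that nothing in the commit pins; the same applies to the git/nginx.conf and pad/nginx.conf sections. The certbot line in README.md passes no `--cert-name`, so the lineage name comes from the first `-d` entry, and on a host that already holds the earlier two-name certificate the outcome presumably depends on how the expand prompt is answered, which could leave these paths serving the old certificate without the service names. Adding `--cert-name $DOMAIN --expand` to that README line would make the path deterministic. Hosts that followed the old procedure also keep the per-service lineages and their private keys on disk and in the renewal set, so a cleanup step such as `certbot delete --cert-name cloud.$DOMAIN` is worth documenting. Since every site now shares one private key, a short comment above the first `ssl_certificate` line saying that rotation or revocation affects all vhosts at once would help the next operator.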

+ 4 - 4
git/nginx.conf

@@ -10,8 +10,8 @@ server {
     listen [::]:443 ssl http2;
     server_name www.git.oxyta.net;
 
-    ssl_certificate     /etc/letsencrypt/live/git.oxyta.net/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/git.oxyta.net/privkey.pem;
+    ssl_certificate     /etc/letsencrypt/live/oxyta.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/oxyta.net/privkey.pem;
 
     return 301 https://git.oxyta.net$request_uri;
 }
@@ -21,8 +21,8 @@ server {
     listen [::]:443 ssl http2;
     server_name git.oxyta.net;
 
-    ssl_certificate     /etc/letsencrypt/live/git.oxyta.net/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/git.oxyta.net/privkey.pem;
+    ssl_certificate     /etc/letsencrypt/live/oxyta.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/oxyta.net/privkey.pem;
 
     access_log  /var/log/nginx/git.log;
     error_log  /var/log/nginx/git.err;

+ 4 - 4
pad/nginx.conf

@@ -10,8 +10,8 @@ server {
     listen [::]:443 ssl http2;
     server_name www.pad.oxyta.net;
 
-    ssl_certificate     /etc/letsencrypt/live/pad.oxyta.net/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/pad.oxyta.net/privkey.pem;
+    ssl_certificate     /etc/letsencrypt/live/oxyta.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/oxyta.net/privkey.pem;
 
     return 301 https://pad.oxyta.net$request_uri;
 }
@@ -21,8 +21,8 @@ server {
     listen [::]:443 ssl http2;
     server_name pad.oxyta.net;
 
-    ssl_certificate     /etc/letsencrypt/live/pad.oxyta.net/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/pad.oxyta.net/privkey.pem;
+    ssl_certificate     /etc/letsencrypt/live/oxyta.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/oxyta.net/privkey.pem;
 
     access_log  /var/log/nginx/pad.log;
     error_log  /var/log/nginx/pad.err;