How to disable “Subject Alternative Name” from being included in Certbot Let’s Encrypt certificates

Tags: certbot, lets-encrypt, ssl-certificate

Using Certbot to install an R3 Let's Encrypt certificate on an nginx webserver causes all the other domains in the nginx configuration to be included under "Subject Alternative Name" on the certificate. This is undesirable for my use case.

I read the man page here and some other Stack Exchange posts here and here.

Regarding the use of alternative names, the man page says (and I don't fully understand):

-d DOMAIN, --domains DOMAIN, --domain DOMAIN
Domain names to apply. For multiple domains you can
use multiple -d flags or enter a comma separated list
of domains as a parameter. The first domain provided
will be the subject CN of the certificate, and all
domains will be Subject Alternative Names on the
certificate. The first domain will also be used in
some software user interfaces and as the file paths
for the certificate and related material unless
otherwise specified or you already have a certificate
with the same name. In the case of a name collision it
will append a number like 0001 to the file path name.
(default: Ask)

How can I specify or omit the Subject Alternative Names entirely when using Certbot to install a Let's Encrypt certificate? If Certbot can't, is there a different way while still using R3 Let's Encrypt certificates?

Best Answer

You don't really want to omit the Subject Alternative Names. If you omit the SAN no modern browser will accept your certificates as valid. If you don't want all domains in one certificate, just create them separately.
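The per-domain workflow the answer recommends, as an added shell example that is not part of the original question or answer. It assumes Certbot with the nginx plugin and the openssl CLI are installed; the hostnames are placeholders. The first function requests a separate lineage per hostname so no other server_name ends up in its SAN list; the remaining functions read the SAN extension back out of an issued certificate so you can confirm it contains exactly the one name you asked for.

```shell
#!/bin/sh
# Added example, not from the original post. Hostnames are placeholders;
# replace them with your own. Assumes certbot (nginx plugin) and openssl.

# Request one certificate per hostname. --cert-name gives each hostname its
# own lineage under /etc/letsencrypt/live/<name>/, and a single -d limits
# the SAN list to that name instead of every server_name certbot finds.
issue_separately() {
    for host in "$@"; do
        certbot --nginx --cert-name "$host" -d "$host" || return 1
    done
}

# Print the DNS names from a certificate's Subject Alternative Name
# extension, one per line (empty output if the extension is absent).
san_names() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | tail -n 1 \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*/\1/p'
}

# Count the SAN DNS names so a script can assert on the result.
san_count() {
    san_names "$1" | grep -c .
}

# Return 0 when the certificate carries exactly one DNS name and it is the
# expected one, which is what the separate-per-host workflow produces.
has_only_name() {
    [ "$(san_count "$1")" -eq 1 ] && [ "$(san_names "$1")" = "$2" ]
}

# Usage after issuance (standard certbot live path, placeholder hostname):
#   has_only_name /etc/letsencrypt/live/www.example.test/fullchain.pem www.example.test
```

Note that a certificate with no SAN at all would make `san_count` report 0, which is the case the answer warns against: browsers reject it, so the goal is one SAN entry per certificate, not zero.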