I recenty decided to combine two websites - this one and the holding domain for some other work - into an existing node server that was running express. I use hugo for a static site, so there’s no need to run multiple web servers when I can simply create a vhost and drop content into an existing server.
Once I determined how to do this (that’s a future post) I needed a way to assign each an SSL certifcate for secure connections.
If you’ve used express before, you’ll know that it isn’t possible to assign port 443 to more than one listener. Each request that resolved to any of the defined vhosts would have to be served with a single certificate.
This isn’t the same as using a wildcard cert - each domain is completely different from the others.
For cases like this, where a single server hosts multiple domains, you can use Subject Alternative Name certificates. A SAN cert contains several different domain names and can bind the cert to SSL queries for each name.
Let’s Encrypt provides SAN certificates, so I used them.
Just provide an additional
-d domain.com in your certbot command line to generate a single SAN cert to secure multiple
You of course need to own the domains and have provided name service for them. I use DigitalOcean and this is super simple to setup from the dashboard. Just create an A record for each of the domains that all point to the droplet where the server is running.