How to authenticate for multiple domains

[kfoon]

How can i pass multiple domains to the env variable to authenticate for those domains
environment:

     NGINX_DOCKER_GEN_CONTAINER: ${DOCKER_GEN}
     NGINX_PROXY_CONTAINER: ${NGINX_WEB}
     NSUPDATE_SERVER: ns1.xxxx
     NSUPDATE_ZONE: domain1.com domain2.com domain3.com
     NSUPDATE_KEY: /etc/acme.sh/nskey/update.key 

[buchdag]

@kfoon Hi

What do you mean by "authenticate for those domains" ? Obtain TLS certificate for mutiple domains ?

Please provide your full configuration, answering a question with just a handful of environment variable as a context isn't possible.

[kfoon]

I figured out the issue one container can only be used to issue certs for one domain eg. domain1.com if I need to generate certs for domain2.com I have to spin up a new acme container for the single domain

…

On Fri, May 1, 2026, 11:20 Nicolas Duchon ***@***.***> wrote: @kfoon <https://github.com/kfoon> Hi What do you mean by *"authenticate for those domains"* ? Obtain TLS certificate for mutiple domains ? Please provide your full configuration, answering a question with just a handful of environment variable as a context isn't possible. — Reply to this email directly, view it on GitHub <#1253 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAGY5ECQJKRJ75ZAOEHFB6D4YSCBHAVCNFSM6AAAAACYNKMWMSVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTMNZXHEZDSNA> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you were mentioned.Message ID: ***@***.*** .com>

[buchdag]

That's ... not how it works.

Could you please provide a bit more context on your setup and what you're trying to achieve ?

[kfoon]

❌ Root cause (confirmed) You are *still getting NOTZONE*, even though: - DNS server is correct ✅ - Zones exist ✅ - Manual nsupdate worked (but only for domain2.com) ⚠️ 👉 So the problem is: *acme-companion is not sending the correct zone value per domain*

…

------------------------------ 🔍 What’s actually happening internally For this request: _acme-challenge.xxx.domain2.com acme.sh should send: zone domain2.com BUT because you configured: NSUPDATE_ZONE: domain1.com domain2.com domain3.com 👉 acme.sh is *picking the wrong zone* (very common bug/limitation) So it likely tries: zone domain1.com ❌ (for domain2.com request) → DNS server responds: NOTZONE

------------------------------ 🔥 This is a known limitation The acme.sh nsupdate integration: 👉 *does NOT reliably handle multiple zones in one config* Even if they are on the same DNS server. ------------------------------ ✅ The correct fix (production-grade) 👉 Run ONE acme-companion per zone

On Fri, 1 May 2026 at 11:33, Nicolas Duchon ***@***.***> wrote: That's ... not how it works. Could you please provide a bit more context on your setup and what you're trying to achieve ? — Reply to this email directly, view it on GitHub <#1253 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAGY5EG7XPYDSC5QKJLNLA34YSDR3AVCNFSM6AAAAACYNKMWMSVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTMNZXHEZTOMA> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you were mentioned.Message ID: ***@***.*** .com>