Letsencrypt add domain to existing certificate

Question

I am just simply trying to add the domain test example com to the certificate that already exists for example com  How do I add a domain to my existing certificate and replace the old certificate   I have tried these few commands    letsencrypt-auto certonly --cert-path  etc letsencrypt archive example com --expand -d test example com    letsencrypt-auto certonly -d example com --expand -d test example com   Result  both created a brand new cert in a new folder test example com-0001    letsencrypt-auto certonly --renew-by-default  --expand -d test example com   Result  error folder test example com already exists     letsencrypt-auto renew --expand -d orange fidka com   Result  error  I can only renew if my certificate is expired

User · Answer

Apache on Ubuntu  using the Apache plugin   sudo certbot certonly --cert-name example com -d m example com www m example com   The above command is vividly explained in the Certbot user guide on changing a certificate s domain names  Note that the command for changing a certificate s domain names applies to adding new domain names as well   Edit  If running the above command gives you the error message      Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA    follow these instructions from the Let s Encrypt Community

User · Answer

I was able to setup a SSL certificated for a domain AND multiple subdomains by using using --cert-name combined with --expand options   See official certbot-auto documentation at https   certbot eff org docs using html  Example   certbot-auto certonly --cert-name mydomain com br   --renew-by-default -a webroot -n --expand   --webroot-path  usr share nginx html   -d mydomain com br   -d www mydomain com br   -d aaa1 com br   -d aaa2 com br   -d aaa3 com br

User · Answer

This is how i registered my domain   sudo letsencrypt --apache -d mydomain com   Then it was possible to use the same command with additional domains and follow the instructions   sudo letsencrypt --apache -d mydomain com x mydomain com y mydomain com

User · Answer

You can replace the certificate by just running the certbot again with   certbot-auto certonly  You will be prompted with this message if you try to generate a certificate for a domain that you have already covered by an existing certificate   ------------------------------------------------------------------------------- You have an existing certificate that contains a portion of the domains you requested  ref   etc letsencrypt renewal  lt domain gt  conf   It contains these names   lt domain gt   You requested these names for the new certificate   lt domain gt    lt the domain you want to add to the cert gt    Do you want to expand and replace this existing certificate with the new certificate  -------------------------------------------------------------------------------   Just chose Expand and replace it

User · Answer

this worked for me    sudo letsencrypt certonly -a webroot --webroot-path  var www html -d  domain com -d www domain com

User · Answer

You need to specify all of the names  including those already registered   I used the following command originally to register some certificates    opt certbot certbot-auto certonly --webroot --agree-tos -w  srv www letsencrypt    --email me example com   --expand -d example com www example com       and just now I successfully used the following command to expand my registration to include a new subdomain as a SAN    opt certbot certbot-auto certonly --webroot --agree-tos -w  srv www letsencrypt    --expand -d example com www example com click example com   From the documentation      --expand  If an existing cert covers some subset of the requested names  always expand and replace it with the additional names     Don t forget to restart the server to load the new certificates if you are running nginx

[ssl] Letsencrypt add domain to existing certificate

Examples related to ssl

Examples related to ssl-certificate

Examples related to lets-encrypt