SyntaxFix

[ssl] Letsencrypt add domain to existing certificate

I am just simply trying to add the domain test.example.com to the certificate that already exists for example.com. How do I add a domain to my existing certificate and replace the old certificate?

I have tried these few commands

./letsencrypt-auto certonly --cert-path /etc/letsencrypt/archive/example.com --expand -d test.example.com

./letsencrypt-auto certonly -d example.com --expand -d test.example.com

Result: both created a brand new cert in a new folder test.example.com-0001

./letsencrypt-auto certonly --renew-by-default  --expand -d test.example.com

Result: error folder test.example.com already exists.

./letsencrypt-auto renew --expand -d orange.fidka.com

Result: error, I can only renew if my certificate is expired.

This question is related to ssl ssl-certificate lets-encrypt

The answer is

this worked for me 

 sudo letsencrypt certonly -a webroot --webroot-path=/var/www/html -d
 domain.com -d www.domain.com

This is how i registered my domain:

sudo letsencrypt --apache -d mydomain.com

Then it was possible to use the same command with additional domains and follow the instructions:

sudo letsencrypt --apache -d mydomain.com,x.mydomain.com,y.mydomain.com

You can replace the certificate by just running the certbot again with ./certbot-auto certonly

You will be prompted with this message if you try to generate a certificate for a domain that you have already covered by an existing certificate:

-------------------------------------------------------------------------------
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/<domain>.conf)

It contains these names: <domain>

You requested these names for the new certificate: <domain>,
<the domain you want to add to the cert>.

Do you want to expand and replace this existing certificate with the new
certificate?
-------------------------------------------------------------------------------

Just chose Expand and replace it.

I was able to setup a SSL certificated for a domain AND multiple subdomains by using using --cert-name combined with --expand options.

See official certbot-auto documentation at https://certbot.eff.org/docs/using.html

Example:

certbot-auto certonly --cert-name mydomain.com.br \
--renew-by-default -a webroot -n --expand \
--webroot-path=/usr/share/nginx/html \
-d mydomain.com.br \
-d www.mydomain.com.br \
-d aaa1.com.br \
-d aaa2.com.br \
-d aaa3.com.br

Apache on Ubuntu, using the Apache plugin:

sudo certbot certonly --cert-name example.com -d m.example.com,www.m.example.com

The above command is vividly explained in the Certbot user guide on changing a certificate's domain names. Note that the command for changing a certificate's domain names applies to adding new domain names as well.

Edit

If running the above command gives you the error message

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

follow these instructions from the Let's Encrypt Community

Source: Stackoverflow.com

Examples related to ssl

Requests (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.") Error in PyCharm requesting website A fatal error occurred while creating a TLS client credential. The internal error state is 10013 curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number How to install OpenSSL in windows 10? ssl.SSLError: tlsv1 alert protocol version Invalid self signed SSL cert - "Subject Alternative Name Missing" "SSL certificate verify failed" using pip to install packages ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel "ssl module in Python is not available" when installing package with pip3

Examples related to ssl-certificate

How to install OpenSSL in windows 10? Scraping: SSL: CERTIFICATE_VERIFY_FAILED error for http://en.wikipedia.org Not able to install Python packages [SSL: TLSV1_ALERT_PROTOCOL_VERSION] Letsencrypt add domain to existing certificate javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure bypass invalid SSL certificate in .net core How to add Certificate Authority file in CentOS 7 How to use a client certificate to authenticate and authorize in a Web API This certificate has an invalid issuer Apple Push Services iOS9 getting error “an SSL error has occurred and a secure connection to the server cannot be made”

Examples related to lets-encrypt

Letsencrypt add domain to existing certificate

Tags

Mootools1.2 Isbn .obj Imagesource Updatecheck Ps3 Flowdocumentreader 7zip Cmdlets Addattribute Embedded-language Vacuum Python-imaging-library Softkeys Foreign-key-relationship Shift-reduce Sandbox-solution Merge-statement Atlcom Ghci Urlrequest Nhibernate-3 Lotusscript Gomoku Tao.ffmpeg Hook Null-coalescing-operator Fxcopcmd Utf8-decode Qcombobox Self-type Castle-activerecord Confirmation Transport-security Git-status Build.xml Oracle Service-tier Oncheckedchanged Brk Supervisord String-aggregation Windows-administration Msdasql Farseer Move Git-gc Significance Jump-list Salt Show Usability-testing Mnemonics Google-toolbar Deferred-execution Dimensions Textmatching Bsp Distribute Cgpdfdocument Forecasting Multiscaleimage Libav Apache-pivot Fault Ontology Connection-string Ca2202 Mov Metatrader4 Showdialog Signaturetool Cx-freeze Submenu Facade System.componentmodel Sapscript Composite-component Textout Oauth-2.0 Avr-gcc Patricia-trie Manual-testing Visualstategroup Javax.comm Lemmatization Shorttags Jaws-wordnet Soft-references Simulated-annealing Embeddable Pseudo-element Tcpsocket Sales-tax Integrated-security Cts Conkeror Scrolledwindow Tapestry Apache-roller