I am just simply trying to add the domain test.example.com to the certificate that already exists for example.com. How do I add a domain to my existing certificate and replace the old certificate? I have tried these few commands:
./letsencrypt-auto certonly --cert-path /etc/letsencrypt/archive/example.com --expand -d test.example.com
./letsencrypt-auto certonly -d example.com --expand -d test.example.com
Result: both created a brand new cert in a new folder test.example.com-0001
./letsencrypt-auto certonly --renew-by-default --expand -d test.example.com
Result: error folder test.example.com already exists.
./letsencrypt-auto renew --expand -d orange.fidka.com
Result: error, I can only renew if my certificate is expired.
asked Jul 11, 2016 at 8:30 by Jeff Davenport
This question has been reopened on Super User: superuser.com/questions/1432541/…
Commented May 3, 2019 at 12:51
To anyone now viewing this question: I would recommend having a look at the answer on superuser. It uses certbot --expand which is closer to what this question is asking imo
Commented Oct 22, 2019 at 4:32

You need to specify all of the names, including those already registered.
I used the following command originally to register some certificates:
/opt/certbot/certbot-auto certonly --webroot --agree-tos -w /srv/www/letsencrypt/ \
  --email [email protected] \
  --expand -d example.com,www.example.com
... and just now I successfully used the following command to expand my registration to include a new subdomain as a SAN:
/opt/certbot/certbot-auto certonly --webroot --agree-tos -w /srv/www/letsencrypt/ \
  --expand -d example.com,www.example.com,click.example.com
--expand "If an existing cert covers some subset of the requested names, always expand and replace it with the additional names."
Don't forget to restart the server to load the new certificates if you are running nginx.
answered Jul 12, 2016 at 9:07 by Simon Hampel
The command changed slightly to certbot-auto certonly -a webroot.
Commented Nov 11, 2016 at 7:36
Does it work for standalone plugin?
Commented Jan 24, 2017 at 17:17
When I use the above, it creates a new cert on its own, with a -001 at the end.
Commented Apr 12, 2017 at 22:24
Ran it on production, expand does not seem to require any visible down time. I used certbot-auto
Commented Jun 7, 2017 at 20:12
@simon-hampel When the SSL Certificate is expanded, does it extend the expire date for all the domains that are defined in the list?
Commented Feb 7, 2018 at 13:25

Apache on Ubuntu, using the Apache plugin:
sudo certbot certonly --cert-name example.com -d m.example.com,www.m.example.com
The above command is vividly explained in the Certbot user guide on changing a certificate's domain names. Note that the command for changing a certificate's domain names applies to adding new domain names as well.
Edit
If running the above command gives you the error message
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
answered Jun 10, 2017 at 21:53 by Cedric Ipkiss
It is probably mentioned in the documentation but if you are just adding to existing you need to add the existing domain again - or it will be removed
Commented Aug 23, 2018 at 12:29
They also have the --expand option that you initially think it allows you to add while keeping existent domains, but it doesn't do that (facepalm). I don't really like their options or documentation.
Commented Oct 27, 2021 at 18:20

This is how I registered my domain:
sudo letsencrypt --apache -d mydomain.com
Then it was possible to use the same command with additional domains and follow the instructions:
sudo letsencrypt --apache -d mydomain.com,x.mydomain.com,y.mydomain.com
answered Feb 1, 2017 at 15:38
I just replaced letsencrypt with ./certbot-auto and it works! Command ./certbot-auto --nginx -d domain1.com,domain2.com asks if I want to expand existing cert and does the job.
Commented Dec 12, 2017 at 6:19
Thanks. It saves my time. I run ./letsencrypt-auto --debug -d new-domain.com -d new-alias.com – user1836049
Commented Jul 26, 2018 at 4:32

You can replace the certificate by just running the certbot again with ./certbot-auto certonly
You will be prompted with this message if you try to generate a certificate for a domain that you have already covered by an existing certificate:
-------------------------------------------------------------------------------
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/.conf)

It contains these names:

You requested these names for the new certificate: , .

Do you want to expand and replace this existing certificate with the new
certificate?
-------------------------------------------------------------------------------
Just choose Expand and replace it.
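
Several posts above note that names left out of -d are dropped when a certificate is replaced, so the full list has to be passed every time. The following is an added example, not code from any of the posts: it builds that list from the certificate's own SAN entries and checks afterwards that nothing went missing. It assumes the text format printed by `openssl x509 -noout -ext subjectAltName` (OpenSSL 1.1.1 or later) and uses a constructed sample of that output so it runs offline; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: derive the complete -d list from the names already on a
# certificate, so that adding one name cannot silently drop the others.

# Read `openssl x509 -noout -ext subjectAltName` output on stdin and print
# the DNS names it contains, one per line.
san_names() {
    grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# merged_names "<san text>" new1 new2 ...
# Prints a comma-separated list: existing names first, then the new ones,
# with duplicates dropped and order preserved.
merged_names() {
    local san_text="$1"; shift
    { printf '%s\n' "$san_text" | san_names; printf '%s\n' "$@"; } |
        awk 'NF && !seen[$0]++' | paste -sd, -
}

# missing_names "<san text>" want1 want2 ...
# Prints (space-separated) every wanted name that is NOT on the certificate.
# Run it against the new certificate after issuance; empty output means
# every expected name is covered.
missing_names() {
    local san_text="$1" have name out=""; shift
    have=$(printf '%s\n' "$san_text" | san_names)
    for name in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$name" || out="$out $name"
    done
    printf '%s' "${out# }"
}

# Constructed sample of the openssl output for a certificate that covers
# example.com and www.example.com.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:example.com, DNS:www.example.com'

# On a real host the text would come from the live certificate, e.g.
# (certbot's default directory layout is assumed here):
#   SAN=$(openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem \
#         -noout -ext subjectAltName)
echo "certbot certonly --cert-name example.com -d $(merged_names "$SAMPLE_SAN" test.example.com)"
```

Adding `--dry-run` to the printed certbot command tests the request before the existing certificate is replaced.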