I am just simply trying to add the domain test.example.com to the certificate that already exists for example.com. How do I add a domain to my existing certificate and replace the old certificate?
I have tried these few commands:
./letsencrypt-auto certonly --cert-path /etc/letsencrypt/archive/example.com --expand -d test.example.com
./letsencrypt-auto certonly -d example.com --expand -d test.example.com
Result: both created a brand new cert in a new folder test.example.com-0001
./letsencrypt-auto certonly --renew-by-default --expand -d test.example.com
Result: error folder test.example.com already exists.
./letsencrypt-auto renew --expand -d orange.fidka.com
Result: error, I can only renew if my certificate is expired.
You need to specify all of the names, including those already registered.
I used the following command originally to register some certificates:
/opt/certbot/certbot-auto certonly --webroot --agree-tos -w /srv/www/letsencrypt/ \
--email me@example.com \
--expand -d example.com,www.example.com
... and just now I successfully used the following command to expand my registration to include a new subdomain as a SAN:
/opt/certbot/certbot-auto certonly --webroot --agree-tos -w /srv/www/letsencrypt/ \
--expand -d example.com,www.example.com,click.example.com
From the documentation:
--expand "If an existing cert covers some subset of the requested names, always expand and replace it with the additional names."
Don't forget to restart the server to load the new certificates if you are running nginx.
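
The rule from the answer above (pass every name, existing and new), as an added example that is not part of the original answer or of certbot: it reads the names already on a certificate and builds the complete `-d` list for `--expand`. The function names, the certificate path in the comment and the sample certificate text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: build the full -d list for `certonly --expand` from the
# names already on the current certificate plus the names to add.

# Constructed sample of `openssl x509 -noout -text` output (not a real cert).
SAMPLE_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:example.com, DNS:www.example.com'

# Read `openssl x509 -noout -text` output on stdin, print DNS SANs one per line.
sans_from_text() {
    awk '/X509v3 Subject Alternative Name/ { getline; print }' \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# $1 = existing names (one per line); remaining args = names to add.
# Prints a de-duplicated, comma-separated list, existing names first.
merge_domains() {
    existing=$1
    shift
    { printf '%s\n' "$existing"; printf '%s\n' "$@"; } \
        | awk 'NF && !seen[$0]++' \
        | paste -sd, -
}

# $1 = path to the current certificate; remaining args = names to add.
# The path is an assumption, e.g. /etc/letsencrypt/live/example.com/cert.pem
expand_list_for_cert() {
    cert=$1
    shift
    current=$(openssl x509 -in "$cert" -noout -text | sans_from_text)
    merge_domains "$current" "$@"
}

# Demo on the constructed sample; prints the arguments to review before use.
demo_names=$(printf '%s\n' "$SAMPLE_TEXT" | sans_from_text)
echo "certonly --expand -d $(merge_domains "$demo_names" click.example.com)"
```

Compare the printed list with the names you expect before requesting the new certificate, since the replacement covers exactly the names passed.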