I’ve started up using Let’s Encrypt certs for my portal, which has an expanding number of domain name aliases. When I started up, I read up on the different options for Certbot. I chose between standalone mode and webroot, but went with standalone to start with, since the portal is proxied through a pair of Apache servers.
Since then I’ve begun to set up ProxyPass for the .well-known calls from both proxies to a separate Apache server to be able to use webroot instead.
When I did the first certificate, I used a CSR, since I had a list of ~60 domain names for the portal. Now though, I’d like to do two things:
- Add a new domain to the SAN cert
- Set up automation for the renewal.
I don’t have root on the Apache server, but I do have full write access to a folder which is read by Apache with Includedir (for vhost entries and other configuration), as well as /var/www/html (the web root).
I’m basically stuck at the step of extending my current certificate. All documentation I can find speaks about how to extend a certificate where I’ve given all the domains on the command line.
- Is there a way to extend a CSR-created certificate?
I also have some questions for the automation.
When certbot has renewed a certificate, how long do I have to replace the old one, if the Certbot machine is different from the outward-facing servers?
Is the old certificate invalidated immediately or does it expire gracefully so I have a day at least to replace the certificates on the proxies?
Please fill out the fields below so we can help you better.
My domain is: multiple domains
My operating system is (include version): CentOS 6
My web server is (include version): Apache 2.4.6
I can login to a root shell on my machine (yes or no, or I don’t know): No
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No