Add new certificate to server


#1

Hi,

I have a server with two certificates on it, one for the production and another for preprod. I want to add a new subdomain certificate as the subdomain is not available because it does not have a certificate.

Can I just run the certbot command with -d subdomain.domain.com? It will not affect current domains, right?

Thanks for your help


#2

Hi @Choppy

What authentication do you use? http-01 requires a running webserver, but you can use --standalone to start one. But that may be a problem with your existing webserver, if port 80 is used.

Or do you use dns-01 validation? Then you don’t need a running webserver.


#3

I think it's http-01. How do I verify that? Everything runs on nginx.

I think port 80 is used for the domains but they redirect to https.

Thanks!


#4

If you’re running nginx, you just need to set up a server block for the new subdomain on port 80, make sure the DNS record for the subdomain is actually pointed at the server, then run certbot -d subdomain.example.com to create a new and separate certificate for that subdomain. Your other domains should be unaffected.

If you’re using an older version of certbot (older than 0.28), you’ll also want to add --preferred-challenges http-01 to the command to make sure it doesn’t use the old tls-sni-01 domain verification method that’s going to be disabled soon.
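The checks from the answer above as a pre-flight script; this is an added example, not part of the original post and not certbot's own code. The function names, the sample nginx config and the 203.0.113.x addresses are constructed for illustration, and the script only prints the certbot command rather than running it.

```shell
# Added example: function names, sample config and addresses are constructed.

# True when the certbot version (e.g. "0.27.1") is older than 0.28.
certbot_older_than_0_28() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    [ "$major" -eq 0 ] && [ "$minor" -lt 28 ]
}

# True when nginx config text $2 has a server block on port 80 naming domain $1.
has_port80_block() {
    printf '%s\n' "$2" | awk -v d="$1" '
        /^[ \t]*server[ \t]*[{]/ { inblk = 1; l = 0; n = 0; depth = 0 }
        inblk {
            if ($1 == "listen" && $2 ~ /^(.*:)?80;?$/) l = 1
            if ($1 == "server_name")
                for (i = 2; i <= NF; i++) { s = $i; sub(/;$/, "", s); if (s == d) n = 1 }
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) { if (l && n) found = 1; inblk = 0 }
        }
        END { exit found ? 0 : 1 }'
}

# $1 domain, $2 certbot version, $3 nginx config, $4 resolved IP, $5 server IP.
preflight() {
    [ "$4" = "$5" ] || { echo "DNS for $1 points at $4, not $5" >&2; return 1; }
    has_port80_block "$1" "$3" || { echo "no port-80 server block for $1" >&2; return 1; }
    cmd="certbot -d $1"
    if certbot_older_than_0_28 "$2"; then cmd="$cmd --preferred-challenges http-01"; fi
    printf '%s\n' "$cmd"
}

# Constructed sample config: an existing site, the new subdomain, and preprod.
SAMPLE_CONF='
server {
    listen 80;
    server_name www.example.com;
    location / { return 301 https://$host$request_uri; }
}
server {
    listen 80;
    server_name subdomain.example.com;
}
server {
    listen 443 ssl;
    server_name preprod.example.com;
}'

# Prints the command to run for an older certbot (0.27.0 is a sample version).
preflight subdomain.example.com 0.27.0 "$SAMPLE_CONF" 203.0.113.10 203.0.113.10
```

On a real server the inputs would come from `certbot --version`, `nginx -T` and `dig +short subdomain.example.com`; running `certbot certificates` before and after shows that the existing certificates are unchanged.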


#5

@jmorahan Thanks for your answer, that’s just what I wanted to know!