Add new subdomain


When I first installed letsecrypt I did it for domain
now I would like to add subdomain

Debian server up to date

Using putty SSH

I already tried ./letsencrypt-auto like the first time I used it but it just asks me to renew or reinstall the existing dimain
It doesn’t allow me to add new one

Thanks for your help and guidance


Does your webserver have the www subdomain configured?


how to know if it is configured ?


I don’t know, because I don’t know what webserver you’re running. You should be able to find out yourself with the aid of a search engine such as Google.


if that helps, before running https i was in http and I had both and as A record



is this information useful ?


You could potentially just try:

./letsencrypt-auto -d -d --dry-run

And if that succeeds, remove the --dry-run.


after running it, I have a message telling me that dry-run only works with certonly or renew commands


Currently Certbot (the program that you’re using with its old name letsencrypt) doesn’t have an option to add or remove a name, although we plan to add one¹. What you have to do is request a certificate that contains all the names that you want, and then Certbot will replace the old certificate with the newly-issued one. @_az’s suggestion to use multiple -d options is right: you have to request the certificate to cover both the www and the base domain.

If you want to test with --dry-run, you can add certonly and then the test should go ahead.

¹ I mean, you can add and remove names by giving a different list of names that the certificate should cover, but there is no option dedicated to performing this specific task, without also requiring you to list all of the names that you want in the cert.


thankf for the reply so if I understand:
under letsencypt folder i run the command
./certbot-auto -d -d --dry-run
if test is ok i do it again without --dry-run and I am done ?


where do I add certonly ??


./certbot-auto certonly -d -d --dry-run


I get this


You’re using Apache, right? So I’d try 1 first.


It has worked so should I do the same without --dry-run ?


Yes, without --dry-run and also without certonly.


what to choose ?


It seems you don’t have a virtual host set up for your www subdomain, so Apache will just use the default one. Looks like that’s wordpress.conf for HTTP since the others are HTTPS. However, you might be better off to cancel and set up a virtual host first. Either a simple one that’s just something like

<VirtualHost *:80>
  Redirect permanent /

or you could add ServerAlias to the existing virtual host and let WordPress handle the redirect.


are these commands or a text file ?


A text file. The location will depend on your operating system. For example on Debian/Ubuntu/etc the files are in /etc/apache2/sites-available/ - you can try finding and editing the existing wordpress.conf, find a line that looks like
and add a new line after it:

Or you can add a new file with the four lines I posted above, and enable it with a command like
sudo a2ensite newfilename

If you have a different operating system the files may be in a different place. Try locate wordpress-le-ssl.conf to find them.