Add subdomain + auto-renew after manual DNS challenge originally

My domain is:

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu 16.04 LTS

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I originally set up LetsEncrypt using the manual DNS challenge instructions here. Essentially I ran the following command:

certbot -d -d --manual --preferred-challenges dns certonly

I use DNS challenge as I was moving server before pointing the DNS to the new server and that seemed like the smoothest method from various articles I found. That was great and got everything working.

The problem I have now is twofold. Firstly, I want to add an extra subdomain to the certificate. I also want to know how to renew the certificate automatically in the future. Using manual DNS challenges is no longer required from this point forward as the site and domain are now transferred to the new server and running.

So how do I go about updating the certificates to add the new subdomain, and make it possible/easy to auto-renew later in the smoothest way possible without causing any issues for the live site (security flags etc.)?

A1. add: -d to the command:
certbot certonly --manual -d --preferred-challenges dns -d -d

A2. In order to understand better please clarify “DNS challenges is no longer required” and how you intend on renewing.


In regards to A2—when I say DNS challenge is no longer required, I mean originally I used that challenge method because it was all that was available before the DNS was updated to the new server. Now, however, any challenge mode is fine to use if others provide a smoother renewal process.

Everything I read said that auto-renewing the certificates was a lot more complex if manual mode was required, but manual mode was only being used as that was the method suggested to force the DNS challenge when that challenge was required. Now that I can use any challenge mode, I meant that I can switch to auto mode to make renewing easier. But in that case, should I still use manual to add the subdomain, or should I run one of the auto commands when adding the subdomain to make it easier to auto-renew when the time comes?

At this point you should not need to use manual method and I would also recommend not to since your end goal is to auto renew from script.

In order to not cause problems with live systems and limits, try adding “--dry-run” to any command line you are attempting.
When you have got it working (as you need it) then remove the “--dry-run” parameter.
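
An added example, not part of the original thread: a small check that reads the text of a certbot renewal configuration (the per-certificate `.conf` file certbot keeps under `/etc/letsencrypt/renewal/`) and reports whether that certificate can renew unattended or is still tied to the manual authenticator. It assumes the file layout certbot writes, with the `authenticator` and `manual_auth_hook` keys inside `[renewalparams]`; the sample contents, `example.com` and the function name `renewal_status` are constructed for illustration.

```python
import configparser

# Constructed sample of a renewal file left behind by a --manual DNS issuance.
SAMPLE_MANUAL = """\
# renew_before_expiry = 30 days
version = 0.31.0
cert = /etc/letsencrypt/live/example.com/cert.pem
[renewalparams]
authenticator = manual
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
"""

# Constructed sample of the same lineage after re-issuing with the nginx plugin.
SAMPLE_NGINX = SAMPLE_MANUAL.replace(
    "authenticator = manual\npref_challs = dns-01,",
    "authenticator = nginx\ninstaller = nginx",
)


def renewal_status(conf_text):
    """Return (unattended_ok, reason) for the text of one renewal config."""
    parser = configparser.ConfigParser(interpolation=None)
    # Keys above [renewalparams] have no section header, so supply one for parsing.
    parser.read_string("[lineage]\n" + conf_text)
    if not parser.has_section("renewalparams"):
        return False, "no [renewalparams] section found"
    params = parser["renewalparams"]
    auth = params.get("authenticator", "").strip()
    if not auth:
        return False, "no authenticator recorded"
    if auth == "manual":
        hook = params.get("manual_auth_hook", "").strip()
        if hook and hook != "None":
            return True, "manual authenticator with auth hook " + hook
        return False, "manual authenticator without an auth hook; renewal needs a person"
    return True, "authenticator '%s' can renew unattended" % auth


if __name__ == "__main__":
    for label, text in (("manual", SAMPLE_MANUAL), ("nginx", SAMPLE_NGINX)):
        print(label, renewal_status(text))
```

Running it against the real file after a successful non-manual issuance shows whether the stored authenticator actually changed before relying on a scheduled renewal.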
