Adding a second domain to a certificate

Foazino · June 29, 2016, 2:18pm

I have a Wordpress multisite setup using Trellis and Bedrock. The point of this website means that it involves adding new domain names on a regular basis. I do this by adding the new domain name, for example domain2.com, to the wordpress_sites.yml file like this:

site_hosts:
  - domain1.com
  - domain2.com

I use Let’s Encrypt for SSL certificates, which worked like a charm for the initial domains – but not for the domains I added later. At first I got an error when running ansible-playbook server.yml -e env=production that the DNS record should point to the webserver (which it already did), but I solved that by setting

ssl:
  enabled: false

Then running ansible-playbook server.yml -e env=production, change it back to

ssl:
  enabled: true

And then running ansible-playbook server.yml -e env=production again. I think the DNS Let’s Encrypt error stopped Nginx from updating the vhost. This way Let’s Encrypt had no way to reach the webserver to verify it.

After that verification worked like a charm and I got all greens when running the server playbook.

The problem is that Chrome returns a red lock saying the certificate is not valid for domain2.com. Yet is still is valid for domain1.com. Is this because there was already a certificate issued for the main domain? If so, how do I go about fixing this?

cool110 · June 29, 2016, 2:40pm

You need either a cert with all the domains on or separate certs for each domain (only if they have separate vhosts).

If you used certbot for your original cert it can be replaced with one for both domains by using multiple -d flags and the --expand flag.

Foazino · June 29, 2016, 3:11pm

Thank you for your quick response!

I think Trellis uses Acme Tiny to request the certificate. Can I use the same flags with that script?

cool110 · June 29, 2016, 3:31pm

No, Acme Tiny requires a previously created CSR, this should have been done automatically by Trellis.

Do you have provider: letsencrypt after

ssl:
    enabled: false

Foazino · June 29, 2016, 3:36pm

Yes it looks like this:

ssl:
  enabled: true
  provider: letsencrypt

Like I said, it works like a charm on the first domain, just adding a new domain doesn’t work.

jvanasco · June 29, 2016, 5:34pm

I think you need to open a ticket on the Trellis github account. It sounds like their system is not picking up the fact that you have added additional domains.

In the meantime, you could manually request the certificate.

Foazino · June 30, 2016, 7:25am

Thank you, I’ll try to do that and open up a ticket.

system · July 30, 2016, 7:25am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Correct steps to add another domain to existing certificate Help	5	169159	July 19, 2018
How to set up Lets Encrypt to work with multiple domains hosted on a single VPS(Nginx) Server	12	40585	June 9, 2016
Add new sub-domains Help	3	1250	June 19, 2017
Multiple certs for domains Help	2	772	March 13, 2019
How to https://domain.tld to https://www.domain.tld	5	2207	June 16, 2016

Adding a second domain to a certificate

Related topics