Adding different domains to existing certificate?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

So i am trying to redirect to another that has certificate from certbot. But before redirect it tries to do SSL handshake and gives me warning that NET::ERR_CERT_COMMON_NAME_INVALID.

I am also using cloudflare for DNS only and do not have SSL on it.

Can i add domain to the certificate with --expand flag?

My domain is:

I ran this command:I havent run any command yet, do i need to renew or add it to domain ?

It produced this output:No output asi havent tried it yet but dont want to screw up existing certificate

My web server is (include version): nginx

The operating system my web server runs on is (include version):ubuntu 18.04

My hosting provider, if applicable, is:Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):0.2.61

I want to expand a certificate to include a few more domains

certbot --expand -d,, etc
If im on cloudflare but only using DNS (not caching) and not using SSL on CF, do i need to add anything else?

What happens if this fails, its a high traffic site hosting the certificates, i need to put them on one cert because of a redirect and its causing invalid cert error in browser

I am going to run sudo certbot --expand -d,, on nginx

But i am wondering what happens if my expand fails? This is a high traffic site so I dont really want to mess with anything.

Also i am using cloudflare as pass through only (its only managing my DNS) and not using encryption on CF.

If renewal fails, your existing certificate will continue being used. Eventually it will expire; generally speaking you’ll have 30 days to fix any problems before your existing certificate expires.

This seems to indicate a problem with the name used in the redirection.
[perhaps the redirection includes WWW which is not covered by the cert (or visa-versa)]
Or the site hosting the redirected URL can't properly handle request (SNI failure).

Either way, it doesn't sound like a problem created by the certs in use.

Maybe you can share the error message shown.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.