Adding different domains to existing certificate?


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

So I am trying to redirect achu.health to another domain, achuhealth.com, that has a certificate from certbot. But before the redirect it tries to do an SSL handshake and gives me the warning NET::ERR_CERT_COMMON_NAME_INVALID.

I am also using Cloudflare for DNS only and do not have SSL on it.

Can I add the achu.health domain to the achuhealth.com certificate with the --expand flag?

My domain is: achu.health

I ran this command: I haven't run any command yet. Do I need to renew achu.health or add it to the achuhealth.com domain?

It produced this output: No output, as I haven't tried it yet, but I don't want to screw up the existing certificate.

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.2.61


What happens on renewal fail?
#2

I want to expand a certificate to include a few more domains

certbot --expand -d domain.com, domain1.com, domain2.com etc
If I'm on Cloudflare but only using DNS (not caching) and not using SSL on CF, do I need to add anything else?

What happens if this fails? It's a high traffic site hosting the certificates. I need to put them on one cert because of a redirect, and it's causing an invalid cert error in the browser.


Expanding cert for additional domains under nginx
#3

I am going to run sudo certbot --expand -d domain1.com, domain2.com, domain3.com on nginx

But I am wondering what happens if my expand fails? This is a high traffic site, so I don't really want to mess with anything.

Also, I am using Cloudflare as pass-through only (it's only managing my DNS) and not using encryption on CF.


#4

If renewal fails, your existing certificate will continue being used. Eventually it will expire; generally speaking you’ll have 30 days to fix any problems before your existing certificate expires.


#5

This seems to indicate a problem with the name used in the redirection.
[perhaps the redirection includes WWW which is not covered by the cert (or vice versa)]
Or the site hosting the redirected URL can’t properly handle the request (SNI failure).

Either way, it doesn’t sound like a problem created by the certs in use.

Maybe you can share the error message shown.
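
An added example, not part of any post in this thread and not Certbot's own code: a shell check that compares the names on an existing lineage (as listed by `certbot certificates`) with every hostname in the redirect chain, then prints the `--expand` command covering all of them. The sample listing is constructed, and the `www` names in it are assumptions.

```shell
# Constructed sample of `certbot certificates` output; the www names are assumed.
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: achuhealth.com
    Domains: achuhealth.com www.achuhealth.com
EOF
}

# cert_domains NAME: print the names on that lineage's "Domains:" line.
cert_domains() {
  awk -v want="$1" '
    $1 == "Certificate" && $2 == "Name:" { cur = $3 }
    $1 == "Domains:" && cur == want { for (i = 2; i <= NF; i++) print $i }'
}

# covered HOST SAN: exact match, or a wildcard SAN covering one extra label.
covered() {
  [ "$1" = "$2" ] && return 0
  case "$2" in
    '*.'*) [ "$1" != "${1#*.}" ] && [ "${1#*.}" = "${2#??}" ] ;;
    *) return 1 ;;
  esac
}

# missing_names NAME HOST...: print each HOST the lineage does not cover.
missing_names() {
  name=$1; shift
  sans=$(cert_domains "$name")
  for h in "$@"; do
    ok=no
    while read -r s; do
      if covered "$h" "$s"; then ok=yes; fi
    done <<EOF
$sans
EOF
    [ "$ok" = yes ] || printf '%s\n' "$h"
  done
}

# expand_command NAME HOST...: existing + missing names, comma-joined, no spaces.
expand_command() {
  name=$1; out=$(cat)
  all=$( { printf '%s\n' "$out" | cert_domains "$name"
           printf '%s\n' "$out" | missing_names "$@"; } | paste -sd, - )
  printf 'certbot --cert-name %s --expand -d %s\n' "$name" "$all"
}

sample_output | expand_command achuhealth.com achu.health www.achu.health
```

The `-d` list is joined without spaces because the shell splits arguments on whitespace, so `-d a.com, b.com` reaches certbot as separate arguments. Certbot's `--dry-run` option (available with `certonly` and `renew`) exercises validation for the same name list against the staging server without saving a certificate.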

