Adding domain to existing certificate


My domain is: reynoldsforum.com

I ran this command: certbot --apache

It produced this output: Unable to show it, I'm currently on my phone. It just lists domains and asks which one to add the cert to.

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu server 21.04

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.12.0

So hopefully this is a simple case. I already created a certificate for my domain snarlgaming.com and it works great thanks to Osiris, so I decided to get a new domain name and point it at the same site IP (reynoldsforum.com). Is there a way to add this domain to the certificate? If so, what's the CL? If not, how do I create a new cert for it? Every time I run the certbot --apache command it just lists the site I already have installed. Any assistance is greatly appreciated! I did a search but all information I found seems archaic. Thanks in advance.

Welcome to the Let's Encrypt Community, Joshua

You likely are missing a VirtualHost for reynoldsforum.com.

What is the output of:

sudo apachectl -S


Not currently able to access the terminal but I will return with results as soon as I am home. Thanks !


Unfortunately, there is no simple "add this domain X to an already existing certificate". If you want to add or remove certain hostnames of an already existing certificate, you'll need to do the same thing you did for your existing certificate, but now with a modified list of domains using the -d option. You can (or should, depending on the version of certbot, older versions had some trouble..) use --cert-name to select the certificate from the certbot certificates output so you'll make sure certbot will overwrite that particular certificate. The command certbot certificates also lists current hostnames for the certs, which you could use for the -d option. (Note that the -d option only accepts single hostnames [with multiple -d options to add more hostnames to a single cert] or a comma separated list, not a "space separated list" as in the certbot certificates output.)

Also note that it's common practice to have multiple certificates for a single webserver, with a single certificate for each site. So for example site A with example.com, www.example.com and webmail.example.com would be a single cert and site B with example.net, stream.example.net, foo.example.net, baz.example.net would have a different certificate.

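The procedure described in the post above, as an added example that is not part of the original thread: it reads `certbot certificates` output, collects the names already on one certificate, and joins them with the new hostname into the comma-separated form that -d accepts. The listing is a constructed sample using the example.com names from the post; forum.example.com is a hypothetical new hostname and the function names are illustrative.

```shell
#!/bin/sh
# Constructed sample of `certbot certificates` output (not from the thread).
sample_certificates() {
cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com webmail.example.com
    Expiry Date: 2021-10-19 18:02:11+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
EOF
}

# Print, one per line, the hostnames listed for the certificate named $1.
domains_for_cert() {
    awk -v name="$1" '
        $1 == "Certificate" && $2 == "Name:" { current = $3 }
        $1 == "Domains:" && current == name {
            for (i = 2; i <= NF; i++) print $i
        }'
}

# Usage: certbot certificates | certbot_expand_command CERT_NAME NEW_HOST...
# Prints (does not run) the command that reissues CERT_NAME with the
# existing names plus the new ones, de-duplicated, as one -d list.
certbot_expand_command() {
    name="$1"; shift
    existing=$(domains_for_cert "$name")
    if [ -z "$existing" ]; then
        # Refuse to build a command for a certificate that is not listed:
        # the resulting -d list would silently drop every current hostname.
        echo "no certificate named '$name' in the listing" >&2
        return 1
    fi
    list=$( { printf '%s\n' "$existing"; printf '%s\n' "$@"; } |
            awk 'NF && !seen[$0]++' | paste -sd, - )
    printf 'certbot --apache --cert-name %s -d %s\n' "$name" "$list"
}

# Demo on the constructed sample.
sample_certificates | certbot_expand_command example.com forum.example.com
```

On a real host the input would be `sudo certbot certificates` piped into the function, and the printed command is reviewed before it is run.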

I am still pretty noobish so I don't understand how to implement those commands, would it look something like this

sudo certbot --cert-name
sudo certbot certificates -d snarlgaming.com -d reynoldsforum.com

or are you saying I need to delete the certification and re install with the new domain added ?

--cert-name I assume is the name of the certificate

is this the screen I should be seeing ?

I ran it and got this error

(E)xpand/(C)ancel: E
Renewing an existing certificate for snarlgaming.com and reynoldsforum.com
Performing the following challenges:
http-01 challenge for reynoldsforum.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of reynoldsforum.com.
Which virtual host would you like to choose?


1: 000-default.conf | | | Enabled
2: 000-default-le-ssl.conf | snarlgaming.com | HTTPS | Enabled


Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

You should have a fully functional HTTP site before trying to secure it.
It seems that site is not currently being served.

I am able to access it though, should I give it a few hours to fully propagate? But going to http://reynoldsforum.com the site pops up as it should. It's obviously just not secured. Thanks!

Hmmm, do I need to select 2 so that it can add it to the vhost file?

You need to make the website BEFORE you run certbot (and select anything therein).
What does http://reynoldsforum.com/ do?
It shows the exact same thing as: http://65.186.35.16/
Where is it served from?
From the default config?
If so, that does NOT equal a fully functional web site.

OK so I was able to get the certificate for reynoldsforum.com set up but I think I missed something in the vhost file and now it's showing a 404 domain not found on this server? I am thinking I need to change the directories in my vhost file? I have it set to /var/www/html/reynoldsforum.com whereas I should just have /var/www/html/? Gonna try, will be back with results.

To better understand the problem, and a solution, start with:
sudo apachectl -S


this is what I got from that command:

ubuntu@ubuntu:~$ sudo apachectl -S
AH00112: Warning: DocumentRoot [/var/www/html/domain.com] does not exist
AH00112: Warning: DocumentRoot [/var/www/html/reynoldsforum.com] does not exist
AH00112: Warning: DocumentRoot [/var/www/html/reynoldsforum.com] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.14. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 is a NameVirtualHost
default server 192.168.1.14 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 192.168.1.14 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost reynoldsforum.com (/etc/apache2/sites-enabled/domain.com.conf:1)
alias www.reynoldsforum.com
*:443 is a NameVirtualHost
default server snarlgaming.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost snarlgaming.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost reynoldsforum.com (/etc/apache2/sites-enabled/domain.com-le-ssl.conf:2)
alias www.reynoldsforum.com
port 443 namevhost reynoldsforum.com (/etc/apache2/sites-enabled/domain.com.conf:21)
alias www.reynoldsforum.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
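A way to read the `apachectl -S` output above mechanically, as an added example that is not part of the original thread: it flags any hostname defined more than once on the same port (Apache serves the first matching definition, so the later one and its certificate settings are never used) and lists the DocumentRoot paths Apache reports as missing. The sample lines are copied from the post and trimmed; the function names are illustrative.

```shell
#!/bin/sh
# Lines copied from the `apachectl -S` output posted above (trimmed).
apachectl_sample() {
cat <<'EOF'
AH00112: Warning: DocumentRoot [/var/www/html/domain.com] does not exist
AH00112: Warning: DocumentRoot [/var/www/html/reynoldsforum.com] does not exist
AH00112: Warning: DocumentRoot [/var/www/html/reynoldsforum.com] does not exist
*:80 is a NameVirtualHost
default server 192.168.1.14 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 192.168.1.14 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost reynoldsforum.com (/etc/apache2/sites-enabled/domain.com.conf:1)
*:443 is a NameVirtualHost
default server snarlgaming.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost snarlgaming.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost reynoldsforum.com (/etc/apache2/sites-enabled/domain.com-le-ssl.conf:2)
port 443 namevhost reynoldsforum.com (/etc/apache2/sites-enabled/domain.com.conf:21)
EOF
}

# Print "PORT NAME FILE:LINE FILE:LINE ..." for every hostname that has
# more than one VirtualHost on the same port.
duplicate_vhosts() {
    awk '$1 == "port" && $3 == "namevhost" {
             key = $2 " " $4
             f = $5; gsub(/[()]/, "", f)      # strip the parentheses
             count[key]++
             files[key] = files[key] " " f
         }
         END { for (k in count) if (count[k] > 1) print k files[k] }' | sort
}

# Print each DocumentRoot that Apache warns does not exist, once.
missing_docroots() {
    sed -n 's/^AH00112: Warning: DocumentRoot \[\(.*\)\] does not exist$/\1/p' |
        sort -u
}

# Demo on the sample from the thread.
apachectl_sample | duplicate_vhosts
apachectl_sample | missing_docroots
```

On a live server the input is `sudo apachectl -S 2>&1`, since the AH00112 warnings may be written to standard error.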

Okay soooo I messed up. I figured if I deleted the certificate for reynoldsforum.com that it would fix the issue, but now Apache stopped working. I removed the config file for that vhost by

cd /etc/apache2/sites-enabled/

and then

sudo rm domain.com-le-ssl.conf

but it's still showing as an error in the system

ubuntu@ubuntu:~$ ls -l /etc/apache2/sites-enabled/
total 0
lrwxrwxrwx 1 root root 35 Jul 21 14:24 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 34 Jul 23 20:12 domain.com.conf -> ../sites-available/domain.com.conf
ubuntu@ubuntu:~$ sudo apache2ctl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.14. Set the 'ServerName' directive globally to suppress this message
Syntax OK

I also removed the

/sites-available/domain.com.conf

file using the same method

I don't see any error, just a warning.
