Adding domain to existing certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot --apache

It produced this output: unable to show currently on my phone just lists domains and asks which one to add cert.

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu server 21.04

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.12.0

So hopefully this is a simple case. I already created a certificate for my domain and it works great thanks to Osiris, so I decided to get a new domain name and point it at the same site IP ( ). Is there a way to add this domain to the certificate? If so, what's the CL? If not, how do I create a new cert for it? Every time I run the certbot --apache command it just lists the site I already have installed. Any assistance is greatly appreciated! I did a search but all information I found seems archaic. Thanks in advance.

Welcome to the Let's Encrypt Community, Joshua :slightly_smiling_face:

You likely are missing a VirtualHost for

What is the output of:

sudo apachectl -S


Not currently able to access the terminal but I will return with results as soon as I am home. Thanks !


Unfortunately, there is no simple "add this domain X to an already existing certificate". If you want to add or remove certain hostnames of an already existing certificate, you'll need to do the same thing you did for your existing certificate, but now with a modified list of domains using the -d option. You can (or should, depending on the version of certbot, older versions had some trouble..) use --cert-name to select the certificate from the certbot certificates output so you'll make sure certbot will overwrite that particular certificate. The command certbot certificates also lists current hostnames for the certs, which you could use for the -d option. (Note that the -d option only accepts single hostnames [with multiple -d options to add more hostnames to a single cert] or a comma-separated list, not a "space separated list" as in the certbot certificates output.)

Also note that it's common practice to have multiple certificates for a single webserver, with a single certificate for each site. So for example site A with, and would be a single cert and site B with ',,,` would have a different certificate.
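The reissue described in the reply above, as an added example that is not part of the original thread: it reads `certbot certificates` output, turns the space-separated `Domains:` line into the comma-separated form `-d` accepts, and prints the command for review rather than running it. The sample output, the `example.com` names and the helper names `cert_domains` and `expand_cmd` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `certbot certificates` output; all names are placeholders.
sample_certs() {
cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Serial Number: 4f1e0000000000000000000000000000aaaa
    Key Type: RSA
    Domains: example.com www.example.com
    Expiry Date: 2021-10-19 18:12:03+00:00 (VALID: 87 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name: other.example
    Domains: other.example
EOF
}

# cert_domains NAME (hypothetical helper): read `certbot certificates` output on
# stdin and print the hostnames of certificate NAME as a comma-separated list.
cert_domains() {
  awk -v name="$1" '
    $1 == "Certificate" && $2 == "Name:" { current = $3 }
    $1 == "Domains:" && current == name {
      out = $2
      for (i = 3; i <= NF; i++) out = out "," $i
      print out
      found = 1
    }
    END { exit !found }'
}

# expand_cmd NAME NEWHOST (hypothetical helper): print the certbot command that
# reissues NAME with its current hostnames plus NEWHOST. Nothing is executed.
expand_cmd() {
  existing=$(cert_domains "$1") || { echo "no certificate named $1" >&2; return 1; }
  case ",$existing," in
    *",$2,"*) domains=$existing ;;        # already on the certificate
    *)        domains="$existing,$2" ;;   # append the new hostname
  esac
  printf 'sudo certbot --apache --cert-name %s -d %s\n' "$1" "$domains"
}

# On a real host: sudo certbot certificates | expand_cmd <cert-name> <new-host>
sample_certs | expand_cmd example.com new.example
```

Check the printed `-d` list before running it: with `--cert-name`, the list you pass becomes the certificate's full set of hostnames, so any name left out is dropped from the reissued certificate.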

I am still pretty noobish so I don't understand how to implement those commands, would it look something like this

sudo certbot --cert-name
sudo certbot certificates -d -d

or are you saying I need to delete the certification and re install with the new domain added ?

--cert-name I assume is the name of the certificate

is this the screen I should be seeing ?

I ran it and got this error

(E)xpand/(C)ancel: E
Renewing an existing certificate for and
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of
Which virtual host would you like to choose?

1: 000-default.conf | | | Enabled
2: 000-default-le-ssl.conf | | HTTPS | Enabled

Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

You should have a fully functional HTTP site before trying to secure it.
It seems that site is not currently being served.

I am able to access it though, should I give it a few hours to fully propagate? But going to the site, it pops up as it should. It's obviously just not secured. Thanks!

Hmmm, do I need to select 2 so that it can add it to the vhost file?

You need to make the website BEFORE you run certbot (and select anything therein).
What does do?
It shows the exact same thing as:
Where is it served from?
From the default config?
If so, that does NOT equal a fully functional web site.

OK, so I was able to get the certificate for set up, but I think I missed something in the vhost file and now it's showing a 404 domain not found on this server? I am thinking I need to change the directories in my vhost file? I have it set to /var/www/html/ whereas I should just have /var/www/html/? Gonna try, will be back with results.

To better understand the problem, and a solution, start with:
sudo apachectl -S

this is what I got from that command:

ubuntu@ubuntu:~$ sudo apachectl -S
AH00112: Warning: DocumentRoot [/var/www/html/] does not exist
AH00112: Warning: DocumentRoot [/var/www/html/] does not exist
AH00112: Warning: DocumentRoot [/var/www/html/] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 is a NameVirtualHost
default server (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/
*:443 is a NameVirtualHost
default server (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost (/etc/apache2/sites-enabled/
port 443 namevhost (/etc/apache2/sites-enabled/
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/"
User: name="www-data" id=33
Group: name="www-data" id=33

Okay, soooo I messed up. I figured if I deleted the certificate for the that it would fix the issue, but now Apache stopped working. I removed the config file for that vhost by

cd /etc/apache2/sites-enabled/

and then

sudo rm

but it's still showing as an error in the system

ubuntu@ubuntu:~$ ls -l /etc/apache2/sites-enabled/
total 0
lrwxrwxrwx 1 root root 35 Jul 21 14:24 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 34 Jul 23 20:12 -> ../sites-available/
ubuntu@ubuntu:~$ sudo apache2ctl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using Set the 'ServerName' directive globally to suppress this message
Syntax OK

I also removed the


file using the same method

I don't see any error, just a warning.

