Adding more names to certbot names list


#1

When I first ran certbot it asked me to specify the domain name I was trying to secure since it couldn’t find any names in the conf file. I did so but I only put in one domain name, lets call it www.mydomainname.com. Now I want to add more domain names to be secured including mydomainname.com (the original but without the www) but I can’t find the configuration file. The documentation says I should run the command “certbot-auto --config cli.ini” in order to modify the configuration file but when I try to run this command it shows that its not a valid one. I also tried certbot-auto -c cli.ini but that didn’t work either. I searched the files in /etc/letsencrypt but couldn’t find a config file there either (granted some of the folders in there denied me access permission and I don’t want to run chown and mess up something with certbot).

Could you please tell me how or where I can add more domain names? Also I assume once I add a domain name all subdirectories in that domain will also be secur, is that correct (as in securing www.mydomain.com also secures www.mydomain.com/subdir) ? Finally, the redirection from http://www.mydomainname.com to https doesn’t seem to work, could this be a problem in my apache server?

Thanks and hope I don’t sound too stupid

Matthew


#2

You shouldn’t have to edit a configuration file. What you should do is the following:

  • Copy the exact command of certbot you used the first time for your www-domain;
  • Add --expand to this command line;
  • Add the other domain name to this command line too with -d mydomainname.com, so you’ve got both domain names in the command.

#3

I am not too expert with certbot, so I hope someone else will give you more guidance about that, but I will say that I suspect the --config and -c parameters aren’t intended to offer to edit the configuration, but to instead apply a configuration file you’ve edited, if that makes sense to you.

However, I can tell you that your assumption about subdirectories is correct, the certificates you receive (from Let’s Encrypt or any commercial CA) certify your control of each Fully Qualified Domain Name (e.g. “www.example.com” or “example.com”), and not only are suitable for any amount of different pages and sub-directories on a web site with that FQDN but they don’t even have to be for a web server, any kind of server (e.g. a mail server) can present such certificates which match their FQDN to prove who they are.

And yes, redirection trouble will be an Apache configuration problem, and not related to the certificate, though if certbot tried to help set up redirection and it didn’t work that can still be reported as a bug in certbot.


#4

It ended up being a problem with the fact that I wasn’t port forwarding correctly, therefore my domain would only work through HTTPS but not HTTP. What certbot plugged into my configuration files worked but it was a deprecated implementation.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.