Adding new domain to existing SAN cert without regenerating key?


Can I add a new domain to an existing SAN cert without regenerating the key? I have a site-level shared hosting account with Inmotion Hosting and there is a fee each time they install a key for you, since you don’t get root access.

My plan is to use a web based solution like zerossl since Certbot would be someone pointless to run on their server without root access. I just want to make sure I can add SSL encryption to “add-on” domains with only a little bit of hassle.



The answer to your question is yes, but that probably won’t help you.

One part of setting up TLS is installing the correct server certificate, which includes the domain the certificate covers. You can’t change the domain list on a certificate without issuing a new certificate, and while you could re-use an existing key, the certificate file would change, and your host would have to re-install that certificate, which is probably something they’d charge that fee for.

As an aside, in all likelihood you’d have to pay that fee every 90 days, since that’s how long certificates issued by Let’s Encrypt are valid for, and renewals generate a new certificate as well. Your best options would probably be to either switch to a web host that supports Let’s Encrypt or, if that’s not an option, get a one- or two-year certificate from a commercial CA, which is probably cheaper than the installation fee. (They’re available for about $10/year from some resellers.)


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.