Hello,
I manage a Host having some low traffic websites, and I would like to issue a multi-domain certificate for all of them.
I have already experienced how to issue a multi-domain certificate with letsencrypt, really really simple!
My question is: in a dynamic context like multi-website hosts, where it is possible that new domains are added after I issued a multi-domain certificate, is there a way to renew the certificate with the new domain, or would I revoke the current one and re-issue a new one?
Maybe my question is related to a policy problem rather than a technical one, but I really appreciate every feedback!
Probably the easiest way is to just issue a new certificate using the same command you used to get the certificate originally, and add additional -d flags for the new domain, plus --expand to tell certbot to overwrite the existing certificate (as opposed to creating a new certificate lineage - i.e. a new sub-directory in /etc/letsencrypt/live).
No need to revoke your old certificate in that case: you can have any number of overlapping certificates (as long as you're within the rate limits, which are not affected by revocation either), and revocation is something you only need to bother with when you suspect your private key was compromised.
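
Added example, not part of the thread above: a shell helper that takes the names already on a certificate and the newly hosted domains, and prints the certbot command with --expand and one -d flag per name. It assumes the SAN text comes from `openssl x509 -noout -ext subjectAltName` and that the original request used `certonly`; the function names and the sample data are constructed for illustration, and the authenticator options from the original command still have to be appended by hand.

```shell
#!/bin/sh
# Constructed sample: SAN text as printed by
#   openssl x509 -noout -ext subjectAltName -in <cert file>
SAMPLE_SAN='X509v3 Subject Alternative Name: 
    DNS:example.com, DNS:www.example.com'

# Read SAN text on stdin, print one DNS name per line, lowercased.
san_names() {
    tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
        tr 'A-Z' 'a-z'
}

# Accept only plain or wildcard hostnames, so nothing else can end up
# on the generated command line.
valid_name() {
    printf '%s\n' "$1" |
        grep -Eq '^(\*\.)?([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$'
}

# usage: build_expand_cmd NEW_DOMAIN... < san_text
# Runs in a subshell so "set -f" (no globbing of "*.example.com") stays local.
build_expand_cmd() (
    set -f
    existing=$(san_names)
    [ -n "$existing" ] || { echo "no DNS names found" >&2; exit 1; }
    cmd="certbot certonly --expand"   # "certonly" is an assumption
    seen=" "
    # Existing names first, then the new ones; duplicates are skipped.
    for name in $existing $(printf '%s\n' "$@" | tr 'A-Z' 'a-z'); do
        valid_name "$name" || { echo "rejected name: $name" >&2; exit 1; }
        case "$seen" in *" $name "*) continue ;; esac
        seen="$seen$name "
        cmd="$cmd -d $name"
    done
    printf '%s\n' "$cmd"
)

# Print the command for the sample certificate plus one new site.
printf '%s\n' "$SAMPLE_SAN" | build_expand_cmd shop.example.net
```

The helper only prints the command so it can be reviewed before it is run; keeping every existing name in the list matters because a name left out of the new request is not covered by the new certificate.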