Adding/Removing a domain after a multi-domain certificate has been issued


#1

Hello,
I manage a Host having some low traffic websites, and I would like to issue a multi-domain certificate for all of them.

I yet experienced how to issue a multi-domain certificate with letsencrypt, really really simple! :slight_smile:

My question is: in a dynamic context like multi-websites hosts, where it is possible that new domains are added after I issued a multi-domain certificate, is there a way to renew the certificate with the new domain or I would revoke the current and re-issue a new one?

Maybe my question is related to a Policy problem rather than a technical one, but I really appreciate every feedback!

Thank you very much

Best

Antonio


#2

Probably the easiest way is to just issue a new certificate using the same command you used to get the certificate originally, and add additional -d flags for the new domain, plus --expand to tell certbot to overwrite the existing certificate (as opposed to creating a new certificate lineage - i.e. a new sub-directory in /etc/letsencrypt/live).

No need to revoke your old certificate in that case, you can have any number of overlapping certificates (as long as youโ€™re within the rate limits, which are not affected by revocation either) and something you only need to bother with when you suspect your private key was compromised. :wink:


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.