Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: spirit.org
I ran this command: certbot --apache
It produced this output: A certificate for my website: https://www.spirit.org
My web server is (include version): apache2-2.4.25
The operating system my web server runs on is (include version): debian stretch
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0
However, someone tried to connect to https://spirit.org, and got an error since I didn’t have that as a SAN. My question is, do I need to reissue the certificate with a SAN, or can I modify the one that I have, and if so, how would I do so?
Thanks for any help and/or advice.
Do you have a correct vHost?
to see your current certificate.
If the vHost is correct, use
certbot -d spirit.org -d www.spirit.org --cert-name [nameofyourcertificate]
to overwrite the existing certificate.
PS: Yep, there is a certificate with only the www version:
expires in 30 days www.spirit.org - 1 entry
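The name mismatch discussed above, as an added example that is not part of the original thread: it checks which requested hostnames a certificate's SAN list covers. The certificate dictionaries are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, the function names are hypothetical, and the wildcard case goes beyond what the thread covers.

```python
# Added example: which requested hostnames does a certificate's SAN list cover?
# The cert dicts below are constructed samples in the shape returned by
# ssl.SSLSocket.getpeercert(); they are not real certificate data.

def san_dns_names(cert):
    """Return the lower-cased dNSName entries from a getpeercert()-style dict."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, hostname):
    """RFC 6125-style match: a wildcard counts only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # "*.spirit.org" has 3 labels, "spirit.org" has 2
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def uncovered(cert, hostnames):
    """Hostnames that no SAN entry matches; clients show a name error for these."""
    sans = san_dns_names(cert)
    return [h for h in hostnames if not any(name_matches(s, h) for s in sans)]

# Names the site is reached under (from the thread).
WANTED = ["spirit.org", "www.spirit.org"]

# Constructed certificates: the original situation, the reissued one, a wildcard.
WWW_ONLY = {"subjectAltName": (("DNS", "www.spirit.org"),)}
BOTH = {"subjectAltName": (("DNS", "spirit.org"), ("DNS", "www.spirit.org"))}
WILDCARD = {"subjectAltName": (("DNS", "*.spirit.org"),)}

if __name__ == "__main__":
    for label, cert in (("www only", WWW_ONLY), ("both", BOTH), ("wildcard", WILDCARD)):
        print(label, "-> missing:", uncovered(cert, WANTED))
```

A wildcard entry alone still leaves the bare domain uncovered, so the apex name has to be listed explicitly in either case.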
Your instructions were perfect! Followed the steps (learned in the process), and can now connect to https://spirit.org without certificate errors.
P.S. Like your ps, I wanted to know what cmd you ran to get your output?
I've checked your domain with my online tool - https://check-your-website.server-daten.de/?q=spirit.org#certificates
It's the part of the certificates.
The tool is online, you can use it. Most ideas added are from this forum.
Thanks Juergen! I appreciate your making your work available. Do you think I should somehow revoke the old certs, like the ones from startcom (no longer in business for certs, afaik)?
Juergen, what’s your recommended way to enable TLS 1.2 for my setup?
No, there is no need to revoke certificates if the private key isn't stolen.
The last check of your domain - there is Tls.1.2 enabled.
You’re right. I think it was because I saw something in the test that was run about TLS 1.2. I’ll recheck.