Advise on Cert creation

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command: was a while ago but…
certbot --webroot -w /dir1/dir2/dir3/ --cert-name Sass -d certonly
certbot --webroot -w /dir1/dir2/dir3/ --cert-name -d certonly

It produced this output: do not have any record of this now

My web server is (include version): not permitted to expose this

The operating system my web server runs on is (include version): not permitted to expose this

My hosting provider, if applicable, is: Self hosted

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

Sorry, kind of new at this.

Our primary webserver is at ip x.x.x.135
We also have other domains such as, .org etc. as well as all pointing to the same address as
Our test server is at x.x.x.136
I created certs as above, one for and one for and they work fine
Testing against suggests that the cert is untrusted and I suspect it is because I did not include -d when I created the cert
In hindsight I think I should have created a cert with
-d (and .net, .info etc as listed above)
I’m not sure that I have created these in the best way and am looking for some advice as to how I could have done it better. Given that wildcard certs are now available, maybe this changes things again.
I’m thinking that a wildcard cert for * would cover off my test server and production but don’t understand what I would need to do to cover off and the, .net, etc that we have.

Looking for some understanding. Thanks

Hi @letseq,

As long as all of the names point to the same server, you can specify up to 100 different names via -d options to Certbot, and all of the names you specify will get included in the same certificate, which will then be valid for any of them. Even now, you could re-run Certbot to issue a new certificate in place of your old one, including both and (and, if you want, any other names). How to split up the names is up to you, but you’ll get a certificate mismatch error if you don’t have some certificate installed on a server that covers the specific name that the user is accessing that server with.
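The coverage rule discussed in this thread, as an added example that is not part of the original posts: it checks which hostnames a certificate's name list covers, including the one-label limit of a wildcard, and lists the extra -d options a reissued certificate would need. The names under example.com and example.org and the function names are constructed for illustration.

```python
# Added example: constructed names, not the poster's real domains.

def san_matches(pattern: str, host: str) -> bool:
    """True if one certificate name entry covers host (TLS wildcard rules)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    # A wildcard stands for exactly one left-most label:
    # *.example.com covers test.example.com, but not example.com
    # itself, not a.b.example.com, and never another TLD.
    label, _, host_rest = host.partition(".")
    return bool(label) and host_rest == pattern[2:]


def uncovered(sans, hosts):
    """Names users reach the server by that no certificate entry covers."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


def missing_d_options(sans, hosts):
    """The additional -d arguments a reissued certificate would need."""
    return [arg for h in uncovered(sans, hosts) for arg in ("-d", h)]


if __name__ == "__main__":
    cert_names = ["*.example.com"]  # constructed: names in the current cert
    served = ["example.com", "www.example.com", "test.example.com",
              "example.org", "www.example.org"]  # constructed: names in use
    print("not covered:", uncovered(cert_names, served))
    print("add to certbot:", " ".join(missing_d_options(cert_names, served)))
```

Any name reported as not covered is one that produces the certificate mismatch error described in the reply when a user visits the server by that name.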
