Best way to encrypt additional domains


#1

I have been running letsencrypt certs for several months now with only minor issues, quickly resolved by excellent tech support from this forum. Can I now ask for advice on how best to achieve encryption on more than one domain name, specifically ‘wikispooks.com’ (existing cert works fine) plus ‘www.wikispooks.com’.

From reading the documentation it is clear that a new certificate is needed to include the additional (new) domain. My question is how best to achieve this?

Specifically, I would like to maintain the existing cert issue history AND have only one certificate which incorporates both domains. My provisional conclusion is that I will need to revoke the existing certificate and have a new one issued that incorporates both domains using the ‘-expand’ option with certbot.

Could somebody please confirm this with perhaps an example command line and any other observations/cautions etc.

Existing setup is running Apache on a CentOS 7 server.

Thanks in anticipation


#2

Correct.

How did you get your cert in the first place? Because the way you’d get a new cert with both names is going to be very similar. If you used certbot, the command would be something like

    certbot certonly --cert-name wikispooks.com -d wikispooks.com -d www.wikispooks.com

though probably modified a bit to suit your requirements. The --cert-name parameter tells it to use your existing cert history.

No. No, no, no. “Revoke the cert” is almost never the right answer–the only case where that’s called for is if your private key has been compromised.
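
Added example, not part of the original posts: a shell check that the reissued certificate really lists every hostname the site answers on, fed from the SAN section of `openssl x509 -in <cert.pem> -noout -text`. The function names and the sample excerpts are constructed for illustration, and the wildcard handling goes beyond the two-name case in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): verify which hostnames a cert covers.
# Live input would be the output of: openssl x509 -in <cert.pem> -noout -text
# The excerpts below are constructed samples of that output's SAN section.
SAMPLE_OLD='X509v3 Subject Alternative Name:
    DNS:wikispooks.com'
SAMPLE_NEW='X509v3 Subject Alternative Name:
    DNS:wikispooks.com, DNS:www.wikispooks.com'

# Print one lower-cased DNS SAN entry per line.
san_names() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' | tr 'A-Z' 'a-z'
}

# Return 0 if SAN entry $1 covers hostname $2: exact match, or a wildcard
# standing in for exactly one leftmost label (so *.x never covers x itself).
san_matches() {
    local san="$1" host="$2" suffix left
    [ "$san" = "$host" ] && return 0
    case $san in
        '*.'*)
            suffix=${san#'*'}                     # ".wikispooks.com"
            left=${host%"$suffix"}                # what the wildcard must absorb
            [ "$left" != "$host" ] || return 1    # suffix did not match
            [ -n "$left" ] || return 1
            case $left in *.*) return 1 ;; esac   # more than one label
            return 0 ;;
    esac
    return 1
}

# Print each required hostname no SAN entry covers; return 1 if any is missing.
missing_names() {
    local san_text="$1" host san found missing=0
    shift
    for host in "$@"; do
        found=0
        while IFS= read -r san; do
            if san_matches "$san" "$host"; then found=1; break; fi
        done <<EOF
$(san_names "$san_text")
EOF
        if [ "$found" -eq 0 ]; then echo "$host"; missing=1; fi
    done
    return "$missing"
}

echo "old cert lacks: $(missing_names "$SAMPLE_OLD" wikispooks.com www.wikispooks.com)"
echo "new cert lacks: $(missing_names "$SAMPLE_NEW" wikispooks.com www.wikispooks.com)"
```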


#3

Job done.
Dead easy when you know how eh?
Thanks once again for the prompt help.