Can I have two SSL certificates for one domain (single server)?

Is it possible to have multiple SSL keys for one domain on one server?

Reason: When you renew an SSL certificate, you’re actually replacing the expiring one with a new one for all intents and purposes. Obviously you don’t want to uninstall the expiring certificate first, lest you leave your site unprotected.


And that's as much of an answer as you're getting. See your other thread. You're giving too little information. So, a short question without enough information gets you a short answer I'm afraid.

That's not that obvious. Most services using TLS certificates will only start using the new certificate when the service is reloaded. So you can perfectly renew a previous certificate (which only takes a few seconds by the way...) and after the successful renewal, you'll reload the service. Most services (like Apache) have a "graceful" reload option, where a process which still has some useful work to do won't be stopped until it has done all its work. Any process not doing anything useful will be stopped and a new process with the new certificate will be started.

Also, with most (if not every) renewal processes, there is no such thing as "uninstalling" a certificate first before the renewal process.

Another reason I wanted multiple keys is to have backup keys. How can I have multiple keys when renewing the certificate (certbot renew) will generate a new set of keys, and move the old set of keys to the archive folder?

My domain is:

I ran this command: sudo certbot certonly --standalone for installing

It produced this output:

My web server is (include version): Node JS v10.18.0

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

...and what is it you're hoping to accomplish with this? It isn't like keys are in short supply, or difficult or time-consuming to create.

When configuring Public Key Pinning for iOS using TrustKit, the program is not compiling without a backup key. That’s the reason.
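
The backup-pin requirement from the last reply, as an added example (not part of the thread, and not Certbot's or TrustKit's own code): an SPKI pin is the base64 SHA-256 hash of a key's SubjectPublicKeyInfo, so the backup pin can be computed from a key that has no certificate yet. The function names, file names and sample keys are constructed for the illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the thread: SPKI pins for a live key and a backup key.
set -eu

# Pin value = base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
spki_pin() { openssl dgst -sha256 -binary | openssl base64 -A; }

# Pin from a private key file; no certificate has to exist yet.
pin_from_key() { openssl pkey -in "$1" -pubout -outform DER | spki_pin; }

# Pin from a certificate, e.g. the cert.pem that certbot writes.
pin_from_cert() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | spki_pin
}

# Succeeds if the certificate's public key matches any pin given after it.
cert_matches_pins() {
  cert_pin=$(pin_from_cert "$1"); shift
  for pin in "$@"; do
    [ "$pin" = "$cert_pin" ] && return 0
  done
  return 1
}

# Constructed sample material: throwaway P-256 keys and self-signed certs.
new_key()  { openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null; }
new_cert() { openssl req -new -x509 -key "$1" -subj "/CN=pin-demo.invalid" -days 1 -out "$2" 2>/dev/null; }

make_samples() {  # prints the directory holding the sample files
  d=$(mktemp -d)
  for name in live backup unpinned; do
    new_key "$d/$name.key"; new_cert "$d/$name.key" "$d/$name.crt"
  done
  echo "$d"
}

demo() {
  d=$(make_samples)
  live=$(pin_from_key "$d/live.key"); backup=$(pin_from_key "$d/backup.key")
  echo "primary pin: $live"; echo "backup pin:  $backup"
  cert_matches_pins "$d/live.crt" "$live" "$backup" && echo "cert on live key: accepted"
  cert_matches_pins "$d/backup.crt" "$live" "$backup" && echo "cert on backup key: accepted"
  cert_matches_pins "$d/unpinned.crt" "$live" "$backup" || echo "cert on unpinned key: rejected"
  rm -rf "$d"
}

demo
```

Because `certbot renew` generates a new key by default, a pin on the live key stops matching after renewal unless the key is kept (Certbot's `--reuse-key` option) or the next certificate is issued for the pinned backup key.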
