Can't Expand certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo certbot certonly --webroot -w /var/www/html -d -d -d

It produced this output:

My web server is (include version): Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None

You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/

It contains these names:

You requested these names for the new certificate:,,

Do you want to expand and replace this existing certificate with the new

(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain
Challenge failed for domain
http-01 challenge for
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


The operating system my web server runs on is (include version): Ubunt 22.04

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no provider

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

I have A records for the certificate I want to expand but certbot doesn't seem to recognize them. Also my web server was redirecting all traffic to https however I have it redirect all traffic except for ./well-known/ . How do I get certbot to expand on the certificate?.

Closing, I created a wildcard certificate instead.

Obtaining a wildcard cert is not a solution to:

In order to actually fix that problem, I would start with the output of:
sudo apachectl -t -D DUMP_VHOSTS


Everything is working, webserver and email server.

"working" doesn't equal "all problems fixed".
We see that here all the time with Apache.
But I'll let you be; As you wish.

Cheers from Miami :beers: