Certificate for second domain missing? (same IP)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: chelsealeventhal.net and www.chelsealeventhal.net

I ran this command: sudo certbot certonly -a manual -d chelsealeventhal.net -d www.chelsealeventhal.net --email my@email.address

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for chelsealeventhal.net
http-01 challenge for www.chelsealeventhal.net

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: y

Create a file containing just this data:


And make it available on your web server at this URL:


Press Enter to Continue

Create a file containing just this data:


And make it available on your web server at this URL:


Press Enter to Continue
Waiting for verification…
Resetting dropped connection: acme-v01.api.letsencrypt.org
Resetting dropped connection: acme-v01.api.letsencrypt.org
Cleaning up challenges


  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your cert will expire on 2019-06-26. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version): Website is hosted on gitlab.com

The operating system my web server runs on is (include version): ?

My hosting provider, if applicable, is: gitlab.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No. We are using a separate service for custom domain hosting though.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.23.0

So I thought I was creating 2 certificates for the two domains (which both point to the same IP address though). In the letsencrypt directory that was created, I can find only one of the domains. Or am I supposed to use the certificate and key for both of them?

Thanks a lot!

Hi @ariaru

you have created one certificate with both domain names ( https://check-your-website.server-daten.de/?q=chelsealeventhal.net ):

expires in 84 days	chelsealeventhal.net, 
www.chelsealeventhal.net - 2 entries

But your configuration is wrong: Your non-www uses that certificate. Your www use the gitlab-Certificate:

CN=*.gitlab.io, OU=Domain Control Validated
expires in 290 days	*.gitlab.io, gitlab.io - 2 entries

So change your configuration so both vHosts use the same certificate.


When you run one Certbot command, it issues one certificate.

If you create a new certificate by running "certbot -d example.com -d example.net", it issues a certificate that includes those two names and then saves it in a directory named "example.com" by default.

You can run "sudo certbot certificates" to display the certificates Certbot is managing, the directory names they're saved in, and the hostnames they actually cover.


Thanks a lot @JuergenAuer and @mnordhoff!

I wasn’t sure whether I could use the same certificate for both domains (was somehow expecting two different ones instead), so indeed I hadn’t added it to the www domain yet.

But great, it looks like it’s working now :slight_smile:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.