Certificate for WWW and non-WWW


I have generated an SSL certificate like so:
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
./letsencrypt-auto certonly --standalone

Then I was asked for an email … and a domain name. I entered ‘mydomain.com’.

I figured out that I could enter multiple domains to be included in one certificate using a different approach. E.g.:
sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

Could I have entered multiple domains when I was prompted for them in a dialog, or do I now need to regenerate using a different approach?

Do I need to remove the previous letsencrypt installation before going the new way?


You could just add -d sub1.domain.com -d sub2.domain.com when you generated the original cert. If you want to expand it now to include more you can use the --expand flag.

So I mean re-run the same command you originally ran, but now add more -d for each extra sub-domain you need, and then use the --expand flag at the end. It will update the cert for you to include all those sub-domains.

If you want those sub-domains to be separate web sites then simply generate standalone certs for them as you did originally so they each have their own SSL certificate.

--expand tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.

See the docs and keep them handy; they have everything you need.


I ran this command ./letsencrypt-auto certonly --standalone
Do I need to run it again with -d domain.com -d www.domain.com?
e.g.: ./letsencrypt-auto certonly --standalone --expand -d domain.com -d www.domain.com


Run it as follows

sudo ./certbot-auto certonly --standalone -d originaldomain.com -d www.originaldomain.com -d new.originaldomain.com -d new2.originaldomain.com -d new3.originaldomain.com --dry-run

Then you will see it tell you about expanding your original cert … NOTE: use the --dry-run flag for testing; if it gives you the correct output without errors, then re-run the same command and remove --dry-run from the end.

Also note that ./certbot-auto is the new official command, ./letsencrypt-auto has been deprecated.

Also bear in mind, as I said, if you want all those sub-domains to be different web sites then you should generate individual certs for them rather than expanding your main certificate.
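
An added example, not part of the original posts: a way to confirm that a certificate covers both the bare and the www name after re-issuing with --expand, by checking its subjectAltName list. The helper name `missing_names` is hypothetical, the SAN text below is constructed sample data in the format `openssl x509 -noout -ext subjectAltName` prints, and the certificate path is a placeholder.

```shell
#!/bin/sh
# Report which expected hostnames a certificate does NOT cover.
# Real use (OpenSSL 1.1.1+; <cert.pem> is a placeholder path):
#   openssl x509 -in <cert.pem> -noout -ext subjectAltName \
#       | missing_names example.com www.example.com

# missing_names NAME...
# Reads SAN text on stdin, prints every NAME that is absent, one per line.
# Returns 0 when all names are covered, 1 otherwise.
missing_names() {
    # Split on commas and keep only the DNS entries, lower-cased.
    sans=$(tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' \
        | tr '[:upper:]' '[:lower:]')
    rc=0
    for name in "$@"; do
        want=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        # A wildcard SAN stands in for exactly one left-most label,
        # so *.example.com covers www.example.com but not a.b.example.com.
        case "$want" in
            *.*) wild="*.${want#*.}" ;;
            *)   wild="$want" ;;
        esac
        # -F: fixed strings (the * is literal), -x: whole-line match only.
        if ! printf '%s\n' "$sans" | grep -Fxq -e "$want" -e "$wild"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: certificate issued for the bare domain only.
SAN_BEFORE='X509v3 Subject Alternative Name: 
    DNS:example.com'
# Constructed sample: same certificate after adding -d www.example.com --expand.
SAN_AFTER='X509v3 Subject Alternative Name: 
    DNS:example.com, DNS:www.example.com'

for label in BEFORE AFTER; do
    eval "text=\$SAN_$label"
    if printf '%s\n' "$text" | missing_names example.com www.example.com; then
        echo "$label: all names covered"
    else
        echo "$label: names listed above are missing from the certificate"
    fi
done
```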


Did the trick! Thanks!

