Certificate for WWW and non-WWW

I have generated an SSL certificate like so:
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
./letsencrypt-auto certonly --standalone

Then I was asked for email … and a domain name. I entered ‘mydomain.com’.

I figured out that I could enter multiple domains to be included in one certificate using a different approach. E.g.:
sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

Could I have entered multiple domains when I was prompted for them in a dialog, or do I now need to regenerate using a different approach?

Do I need to remove the previous letsencrypt installation before going the new way?

You could just add -d sub1.domain.com -d sub2.domain.com when you generated the original cert. If you want to expand it now to include more you can use the --expand flag.

So I mean re-run the same command you originally ran but now add more -d for each extra sub-domain you need and then use the --expand flag at the end. It will update the cert for you to include all those sub-domains.

If you want those sub-domains to be separate web sites then simply generate standalone certs for them as you did originally so they each have their own SSL certificate.

--expand tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.

See the docs and keep them handy; they have everything you need.

I ran this command ./letsencrypt-auto certonly --standalone
Do I need to run it again with -d domain.com -d www.domain.com?
e.g.: ./letsencrypt-auto certonly --standalone --expand -d domain.com -d www.domain.com

Run it as follows

sudo ./certbot-auto certonly --standalone -d originaldomain.com -d www.originaldomain.com -d new.originaldomain.com -d new2.originaldomain.com -d new3.originaldomain.com --dry-run

Then you will see it tell you about expanding your original cert … NOTE: use the --dry-run flag for testing. If it gives you the correct output without errors, then re-run the same command and remove --dry-run from the end.

Also note that ./certbot-auto is the new official command, ./letsencrypt-auto has been deprecated.

Also bear in mind, as I said, if you want all those sub-domains to be different web sites then you should generate individual certs for them rather than expanding your main certificate.
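A check for the result of the expand described above, as an added example that is not part of the original thread: it reads the SAN text printed by `openssl x509 -in cert.pem -noout -ext subjectAltName` and lists which wanted names the certificate does not cover, so you can see which ones still need a -d. The function names and sample SAN text are constructed for illustration, and `cert.pem` is a placeholder path.

```shell
#!/bin/sh
# Added example: which wanted names are NOT covered by a certificate's SAN list?

# Constructed samples of `openssl x509 -in cert.pem -noout -ext subjectAltName`
# output (cert.pem is a placeholder path).
BARE_ONLY='X509v3 Subject Alternative Name:
    DNS:example.com'
WILDCARD='X509v3 Subject Alternative Name:
    DNS:*.example.com'
EXPANDED='X509v3 Subject Alternative Name:
    DNS:example.com, DNS:www.example.com'

# san_names: read SAN text on stdin, print one DNS name per line.
san_names() {
    tr ',\t ' '\n\n\n' | sed -n 's/^DNS://p'
}

# covers SAN NAME: true on an exact match, or when SAN is "*.parent" and NAME
# is exactly one label below parent. A wildcard never covers the bare parent.
covers() {
    [ "$1" = "$2" ] && return 0
    case "$1" in
        '*.'*) [ "${2#*.}" = "${1#??}" ] && [ "${2#*.}" != "$2" ] ;;
        *) return 1 ;;
    esac
}

# missing_names SAN_TEXT NAME...: print each wanted NAME that no SAN covers.
# The body is a subshell so `set -f` (keeps "*.example.com" from being
# globbed) and the loop variables stay local to the call.
missing_names() (
    set -f
    sans=$(printf '%s\n' "$1" | san_names)
    shift
    for want in "$@"; do
        hit=no
        for san in $sans; do
            if covers "$san" "$want"; then hit=yes; break; fi
        done
        [ "$hit" = yes ] || printf '%s\n' "$want"
    done
)

# Demo over the constructed samples: the wanted pair is www and non-www.
for sample in "$BARE_ONLY" "$WILDCARD" "$EXPANDED"; do
    echo "not covered: $(missing_names "$sample" example.com www.example.com | tr '\n' ' ')"
done
```

An empty result means the certificate already covers every wanted name and no expand is needed.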


Did the trick! Thanks!

