Certificates being saved on wrong folder


I’m using this script to generate/renew my certficates (but I don’t think it is related to my issue).

I previously had a certificate to ‘domain1.com, www.domain1.com, domain2.com,www.domain2.com’, that was saved in domain1.com folder. For all I’ve seen, this is the expected bahavior, to save on a folder named like the first domain.

But then, I decided to --expand my certificate to the following: ‘domain1.com, www.domain1.com, domain3.com,www.domain3.com, domain4.com, www.domain4.com, domain5.com, www.domain5.com, domain2.com,www.domain2.com’’.
And the certificate was saved on domain3.com folder.

Thats a problem, because my script sends the certificate elsewhere and it expects to find the certificate in the first domain folder.
Is this behaviour expected? I mean, the certificate not always end up being saved on the first domain folder?

Hi @CarlaTeo,

The --expand behavior could choose any existing cert that contains a subset of the domain names that you’re requesting, unless you specify a particular one using --cert-name.


I think the expanded cert is actually a new cert and then goes by the placement rules - which I think uses the first name alphabetically; which probably changed due to one of the newly added names being first in line.

I also understand the logic behind expand should expand not create another.
But if all things are automatically pointed to the new folder, what fails?
You mention a script that expects to find the new cert in the first folder…
But don’t give much detail on the purpose of the script.
Maybe there is something already built-in to cover your scripts needs.

1 Like

Thanks! That did the job.

1 Like

I’ve created a few certificates before and it has always been used the first domain (even if its wasn’t the first alphabetically).

However, in this case domain3.com was indeed the first alphabetically. So maybe only the extend flag induces this behavior.

I generate the certificate for multiple servers in a central one. So after that I copy the elements from letsencrypt/live/mydomain.com to the others, and I was using the first domain as the folder.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.