Changed my mind


#1

Hi,

I created a certificate for my domain @ domain dot com but now I want a SAN certificate to cover www dot domain dot com as well.

What are my options?

I am thinking that I can do
a) Request a 2nd certificate for www dot domain dot com
b) Revoke my current certificate and be issued a new SAN certificate covering domain dot com and www dot domain dot com

Suggestions are welcome

Thanks.


#2

Revocation isn’t needed here. That’s something you’d do if your private key is compromised.

Your best option is to re-use the command you used to get the certificate originally, and add another -d flag with the additional domain, plus --expand in order to tell the client to replace the existing certificate. That will give you a SAN certificate covering both domains.


#3

Thanks for the info @pfg. I did not use the certbot client but the gethttpsforfree website instead. Is there any option to do this without the official client?


#4

Certbot is the official client. It depends if you have root access to use that though.

Using the gethttpsforfree website you’d need to just obtain another certificate.

Alternatively there are various alternate clients which might enable you to automate things more effectively than the manual method via gethttpsforfree.


#5

Thanks for the info, will investigate alternate clients for options similar to “expand” in the official client.
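
Whichever route is used to re-issue, it is worth confirming that the resulting certificate covers both names before deploying it. The following is an added example, not part of the original thread: the function names are hypothetical, `example.com` and `www.example.com` are placeholder names, and the sample certificates are constructed self-signed ones (OpenSSL 1.1.1 or later is assumed for `-addext`).

```shell
#!/bin/sh
# Added example: report which expected hostnames a certificate does NOT cover.

# cert_covers CERT_PEM HOSTNAME -> exit 0 if the certificate is valid for HOSTNAME
cert_covers() {
    # -checkhost prints "does match" or "does NOT match"; test the text, not the exit code
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q 'does match certificate'
}

# missing_names CERT_PEM NAME... -> prints each NAME the certificate does not cover
missing_names() {
    cert=$1; shift
    for name in "$@"; do
        cert_covers "$cert" "$name" || printf '%s\n' "$name"
    done
}

# make_sample_cert OUT_PEM SAN_LIST -> constructed self-signed certificate for the demo
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -subj "/CN=example.com" \
        -addext "subjectAltName=$2" -out "$1" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    # "old" mimics the original single-name certificate, "new" the SAN certificate
    make_sample_cert "$tmp/old.pem" "DNS:example.com"
    make_sample_cert "$tmp/new.pem" "DNS:example.com,DNS:www.example.com"
    echo "old cert is missing: $(missing_names "$tmp/old.pem" example.com www.example.com)"
    echo "new cert is missing: $(missing_names "$tmp/new.pem" example.com www.example.com)"
    rm -rf "$tmp"
}

demo
```

To check a real certificate, call `missing_names` with the path to the issued PEM file and the names it is expected to cover; empty output means every name is covered.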