Changing or adding domain name after obtaininng SSL certificate


#1

Just installed “Nextcloud” under Ubuntu 16.04 (Apache2) in a Hyper-v VM on a Windows machine. Obtained an ssl certificate through LetsEncrypt associated with my domain mc-ms.net.

During setup, I used my basic domain name “mc-ms.net”. I can now access my Nextcloud installation via “https://xxxx.net” .

QUESTION:

Instead of giving users the mc-ms.net address, I want to use “cloud.mc-ms.net”.

When I try to use the cloud.mc-ms.net URL I receive the following message:

The certificate is only valid for mc-ms.net

Is there a way to associate the already-acquired ssl certificate with “cloud.mc-ms.net” instead of "mc-ms.net?

Also, assuming I can make the change to use “https://cloud.mc-ms.net” instead of “mc-ms.net” how can I disable “mc-ms.net” so that it no longer directs to my Nextcloud installation?


#2

Hi @scooter2,

This requires issuing a new certificate. The same certificate can cover up to 100 separate names. So you should be able to request a certificate covering both mc-ms.net and cloud.mc-ms.net, and then the browser should accept the certificate when you access the service under the latter name.


#3

The routine/script that I ran to obtain the original certificate seems to not be able to run a second time. That script was:

sudo /var/scripts/activate-ssl.sh

I think the script was installed along with Nextcloud, but not certain of that. Anyway, it doesn’t appear that it can be run a second time (maybe was deleted?).

So, how do I delete my existing certificate and create another one? Pretty sure that I read that I first have to disable ssl and then delete the existing cert[s] before I can create a new one.

And, what script/command do I run to obtain a new script?


#4

Try:
sudo nextcloud.enable-https lets-encrypt

or you could try to temporarily shutdown nextcloud and use certbot in standalone mode.
And then manually insert the new cert via:
sudo nextcloud.enable-https custom -s $cert $private-key $fullchain

If that works you might be able to use :443 for nextcloud and :80 for just certbot renewals and not have to shutdown nextcloud when renewing.


#5

Good info. Thanks. I think I need to modify a Nextcloud configuration fill also, to add the new domain as a “Trusted Domain”. I think I know which file it is, and how to do it. But not sure if I need to do it before creating a new certificate or after. I’m inquiring within the nextcloud community on that question.

Thanks for the two script command options (if they’re called "scripts). I’ll try those once I get confirmation about my remaining Nextcloud “Trusted Domains” question.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.