I recently wanted to add another domain to an existing SSL certificate on a server and it broke a few things and overwrote my 000-default-le-ssl.conf file.
I would like to know the correct steps for simply adding another domain name to an existing Let's Encrypt SSL certificate.
My scenario is that I simply want to point another domain to the same directory/folder to have both domains reaching the same content, such as
I did not save the responses, but it did not work.
I then ran this command, which did actually add the second domain, but I had many issues with 000-default-le-ssl.conf and other issues I do not recall…
As this is on a production server, I’d like to know what the correct command would be to simply add another domain to an existing, working SSL cert that will point to the same directory. I’d rather have the correct command than “trying” things and making a mistake on a live server.
The way to add a domain with Certbot is to reissue the certificate with a complete list of all of the names that should be covered in the new certificate. There's no command that adds a domain without the need to respecify the old names.
The different commands that you're using have very different strategies and effects that are totally unrelated to the effort to add a domain. I would suggest consulting the documentation to decide which approach you want to use (for example --standalone and --apache are doing quite different things). Then, you can issue a certificate that covers all of the names that you want using that approach.
In your post you described encountering errors from some Certbot commands but you said you don't remember what the errors were. If you post the specific errors here, we can try to explain what they mean and what can be done about them. Again, this is probably not related to your effort to add a domain.
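As an added example (not from this thread, and not Certbot's own code): a small POSIX shell helper that composes the reissue command with every name the certificate already covers plus the new one, so nothing gets dropped. It assumes the lineage is named sales.existingdomain.com, the webroot is /var/www/html, and the webroot authenticator is used for all names.

```shell
#!/bin/sh
# Added example, not from the thread: build the certbot command that reissues an
# existing lineage with all of its current names plus one new name.
# Assumed values: cert-name "sales.existingdomain.com", webroot /var/www/html.

# certbot_expand_cmd CERT_NAME WEBROOT NEW_DOMAIN EXISTING_DOMAIN...
# Prints the command instead of running it, so it can be reviewed first.
certbot_expand_cmd() {
    cert_name=$1; webroot=$2; new_domain=$3; shift 3
    # One authenticator (--webroot) for every name; --cert-name updates the
    # existing lineage and --expand confirms the superset without a prompt.
    cmd="certbot certonly --webroot -w $webroot --cert-name $cert_name --expand"
    seen=" "
    # Existing names first, then the new one; duplicates are skipped so a
    # name that is already covered is not listed twice.
    for d in "$@" "$new_domain"; do
        case "$seen" in *" $d "*) continue ;; esac
        seen="$seen$d "
        cmd="$cmd -d $d"
    done
    printf '%s\n' "$cmd"
}

# Rehearsal for a production host: the same command against the staging CA,
# which validates the challenges without touching the live certificate.
certbot_expand_dry_run() {
    printf '%s --dry-run\n' "$(certbot_expand_cmd "$@")"
}

if [ "${1:-}" = "--demo" ]; then
    certbot_expand_dry_run sales.existingdomain.com /var/www/html \
        sales.newdomain.com sales.existingdomain.com
    certbot_expand_cmd sales.existingdomain.com /var/www/html \
        sales.newdomain.com sales.existingdomain.com
fi
```

Because this uses `certonly`, Certbot does not edit the Apache vhost files, so the new name still needs a `ServerAlias` in the vhost that serves /var/www/html, followed by an Apache reload.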
@schoen Thank you for your prompt reply, much appreciated.
Based on your reply (to re-issue the cert with both domains), I would have thought then that this command would have given the correct result, which was to just add another domain to the existing cert (with sales.domain.com being the existing domain).
Would that not have re-issued the certificate with the old domain and new one?
As mentioned, I have one domain that currently has an SSL cert that points to the folder /var/www/html and I want to add another one that points to the same folder, so essentially I have two different domains that point to the same folder on the same server.
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for sales.existingdomain.com
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
I get this and I do not know what to select as I do not want to enter a new webroot.
Do you want to expand and replace this existing certificate with the new
certificate?
-------------------------------------------------------------------------------
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sales.existingdomain.com
http-01 challenge for sales.newdomain.com
Select the webroot for sales.existingdomain.com:
-------------------------------------------------------------------------------
1: Enter a new webroot
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): c
Cleaning up challenges