Correct way to Add new domains for Lets Encrypt on Debian 9

I have a server on Linode with 1-click install (Debian 9) .

After that I install Lets Encrypt by following Certbot official procedures.

Everything works ok without any error. However, when i add another domain to the same server, it get warning by saying this new site is "Not Secure"

By checking the following files


I only manage to see So i think this is the main reason for the to receive a warning "Not Secure"

I can’t find the official docs for add new domains on

What i found the most likely to be the correct way to add new domains are this command line

sudo -H ./letsencrypt-auto certonly --standalone -d -d

However, i don’t dare to test it yet because I am afraid it may get error and cause the whole server not working. By then, my 1stdomain will also be effected.

Anyone can advice ?

If you’d like to update your existing certificate to be valid for both domains, then you can do it like:

sudo -H ./letsencrypt-auto certonly --standalone \
--cert-name -d -d

Assuming that your existing certificate in /etc/letsencrypt/live is called

The key is using --cert-name so that you update the existing certificate rather than creating a new one with a separate name.


thanks for your instant reply. Just like what you have mentioned, I want to

" update myexisting certificate to be valid for both domains"

So i will follow your coding

sudo -H ./letsencrypt-auto certonly --standalone \
--cert-name -d -d

On top of that, do I need to add something like & ?

If you need those www subdomains as well, you can add additional -d parameters, following the example of the first two domains:

-d -d -d -d 

You can include 100 domains/subdomains per certificate, in this manner.


ok ! thanks for the info. So far I don’t have subdomain yet. All the traffic will be direct to… and

--cert-name -d -d

I am totally new to this. Just to double confirm –cert-name , <- is the “name” in this command need to be some word that I set when creating the certificate ?

The name matches the name of your existing certificate in the live directory.

So if you have /etc/letsencrypt/live/ already, you would use --cert-name

1 Like

great! let me try now, i will update here very soon.

hello! When i excute the command you have given in Putty. I got this error… Can you help?

sudo: ./letsencrypt-auto: command not found

Uh, well it depends how you installed Certbot. I just copied your example from your first post.

If you followed the instructions from the page that you linked originally, then you would instead run:

sudo certbot


1 Like

Ok… So that means the correct command line should be this?

sudo certbot certonly --standalone \ --cert-name -d -d

Yes (though you can get rid of the \ - it’s only needed for a line break).

Make sure you stop any running webservers first, since they will conflict with --standalone.


" Make sure you stop any running webservers first, since they will conflict with --standalone ."

I get confused about this… can you explain more? I have no idea of “–standalone”

Your sample command contains --standalone. With this option, Certbot creates its own temporary web server on port 80 in order to prove your control over your domain names. That conflicts with any existing web server that normally listens on port 80.


thx for your reply. I think i made a mistake because this line of coding i copy from elsewhere. Let me share with more details when creating this cert on a fresh install 1 month ago. Bascially, i follow Certbot official docs

sudo apt-get install certbot python-certbot-apache -t stretch-backports
sudo certbot --apache
sudo certbot certonly --apache
sudo certbot renew --dry-run

So to add new domain to the existing server with same cert. what should be the correct command line? Should i replace “standalone” with “apache” ?

sudo certbot certonly --apache --cert-name -d -d

That is fine, and you might not want to include certonly if you want Certbot to try to configure your Apache server with the new certificate.

1 Like

Ok. just to final confirm this line of command should be correct right?

Yes, supposing that /etc/letsencrypt/live only lists and that your existing certificate doesn’t cover any other names, including the www subdomains.

1 Like

yup , currently, the server only 1 domain which is and no other subdomains

hello schoen! If i want to add third domain ,

sudo certbot --apache --cert-name -d -d -d

OR the below ?

sudo certbot --apache --cert-name -d -d

is this the right way? Please advice :grinning: ( /etc/letsencrypt/live only lists

It depends whether you want the certificate to cover as well. When you run this command, your existing certificate will be replaced with one covering all of the names that you list via -d options. If you include new domains with -d that weren’t covered by the old certificate, they will be included. If you omit existing domains that were covered by the old certificate, they will be excluded.