Correct way to add new domains for Let's Encrypt on Debian 9

I have a server on Linode with 1-click install (Debian 9).

After that, I installed Let's Encrypt by following Certbot's official procedures.

https://certbot.eff.org/lets-encrypt/debianstretch-apache

Everything works OK without any error. However, when I add another domain to the same server, it gets a warning saying this new site is "Not Secure".

By checking the following files

/etc/letsencrypt/live

I only manage to see my1stdomain.com. So I think this is the main reason for my2nddomain.com to receive a "Not Secure" warning.

I can’t find the official docs for adding new domains on certbot.eff.org.

What I found most likely to be the correct way to add new domains is this command line:

sudo -H ./letsencrypt-auto certonly --standalone -d my2nddomain.com -d www.my2nddomain.com

However, I don’t dare to test it yet because I am afraid it may produce an error and cause the whole server to stop working. Then my 1st domain will also be affected.

Can anyone advise?

If you’d like to update your existing certificate to be valid for both domains, then you can do it like:

sudo -H ./letsencrypt-auto certonly --standalone \
--cert-name my1stdomain.com -d my1stdomain.com -d my2stdomain.com

Assuming that your existing certificate in /etc/letsencrypt/live is called my1stdomain.com.

The key is using --cert-name so that you update the existing certificate rather than creating a new one with a separate name.

Thanks for your instant reply. Just like what you have mentioned, I want to

"update my existing certificate to be valid for both domains"

So I will follow your code:

sudo -H ./letsencrypt-auto certonly --standalone \
--cert-name my1stdomain.com -d my1stdomain.com -d my2stdomain.com

On top of that, do I need to add something like www.my1stdomain.com & www.my2nddomain.com?

If you need those www subdomains as well, you can add additional -d parameters, following the example of the first two domains:

-d my1stdomain.com -d my2stdomain.com -d www.my1stdomain.com -d www.my2stdomain.com 

You can include 100 domains/subdomains per certificate, in this manner.

OK! Thanks for the info. So far I don’t have subdomains yet. All the traffic will be directed to my1stdomain.com/… and my2nddomain.com/

--cert-name my1stdomain.com -d my1stdomain.com -d my2stdomain.com

I am totally new to this. Just to double confirm --cert-name: does the “name” in this command need to be some word that I set when creating the certificate?

The name matches the name of your existing certificate in the live directory.

So if you have /etc/letsencrypt/live/my1stdomain.com already, you would use --cert-name my1stdomain.com.

Great! Let me try now, I will update here very soon.

Hello! When I execute the command you have given in PuTTY, I got this error… Can you help?

sudo: ./letsencrypt-auto: command not found

Uh, well it depends how you installed Certbot. I just copied your example from your first post.

If you followed the instructions from the certbot.eff.org page that you linked originally, then you would instead run:

sudo certbot

etc

Ok… So that means the correct command line should be this?

sudo certbot certonly --standalone \ --cert-name my1stdomain.com -d my1stdomain.com -d my2stdomain.com

Yes (though you can get rid of the \ - it’s only needed for a line break).

Make sure you stop any running webservers first, since they will conflict with --standalone.

"Make sure you stop any running webservers first, since they will conflict with --standalone."

I get confused about this… Can you explain more? I have no idea of “--standalone”.

Your sample command contains --standalone. With this option, Certbot creates its own temporary web server on port 80 in order to prove your control over your domain names. That conflicts with any existing web server that normally listens on port 80.

Thanks for your reply. I think I made a mistake because I copied this line of code from elsewhere. Let me share more details about creating this cert on a fresh install 1 month ago. Basically, I followed the official Certbot docs:

sudo apt-get install certbot python-certbot-apache -t stretch-backports
sudo certbot --apache
sudo certbot certonly --apache
sudo certbot renew --dry-run

So to add a new domain to the existing server with the same cert, what should be the correct command line? Should I replace “standalone” with “apache”?

sudo certbot certonly --apache --cert-name my1stdomain.com -d my1stdomain.com -d my2stdomain.com

That is fine, and you might not want to include certonly if you want Certbot to try to configure your Apache server with the new certificate.

OK. Just to confirm finally, this command line should be correct, right?

Yes, supposing that /etc/letsencrypt/live only lists my1stdomain.com and that your existing certificate doesn’t cover any other names, including the www subdomains.

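The condition in the answer above (the command is correct only if the existing certificate covers no other names) can be checked before running Certbot. The shell script below is an added example, not part of the thread or of Certbot: it reads the names already on a certificate and prints a command that keeps them while adding the new ones. The helper names and the sample certificate text are constructed for illustration, and the certificate path is the one assumed in the thread.

```shell
#!/bin/sh
# Added example: keep every name already on a certificate when adding new ones.
# san_names and expand_command are illustrative helpers, not Certbot features.

# Read `openssl x509 -noout -text` output on stdin, print one DNS name per line.
san_names() {
    grep -oE 'DNS:[^, ]+' | sed 's/^DNS://' | LC_ALL=C sort -u
}

# expand_command CERT_NAME "EXISTING NAMES" NEW_NAME...
# Prints (does not run) a certbot command for the union of old and new names.
expand_command() (
    set -f                      # no globbing, so a wildcard name stays literal
    cert_name=$1; existing=$2; shift 2
    cmd="sudo certbot --apache --cert-name $cert_name"
    for name in $(printf '%s\n' $existing "$@" | LC_ALL=C sort -u); do
        case $name in
            *[!A-Za-z0-9.*-]*) echo "rejected name: $name" >&2; exit 1 ;;
        esac
        cmd="$cmd -d $name"
    done
    printf '%s\n' "$cmd"
)

# Constructed sample of the SAN section of `openssl x509 -noout -text`.
SAMPLE_TEXT='            X509v3 Subject Alternative Name:
                DNS:my1stdomain.com, DNS:www.my1stdomain.com'

# On the server, replace the sample with the real certificate:
#   openssl x509 -in /etc/letsencrypt/live/my1stdomain.com/cert.pem -noout -text
existing=$(printf '%s\n' "$SAMPLE_TEXT" | san_names)
expand_command my1stdomain.com "$existing" my2nddomain.com
```

`sudo certbot certificates` also lists the domains on each certificate Certbot manages, which gives the same information without calling openssl.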

Yup, currently the server has only 1 domain, which is my1stdomain.com, and no other subdomains.