I would like to generate a certificate for example.com and not www.example.com
Is that possible?
Yes.
Without details (what your OS is, what client you are using, etc.) I can’t provide details though - hence my answer is rather lacking in specifics and detail, as your question
Hi Serverco,
Thanks for the response.
I have a certificate; within it I registered the domains like www.example.com, mail.example.com, ftp.example.com, but not just example.com without a subdomain.
The DNS is pointing all to the same IP address.
I found out that some visitors are using just the domain without subdomain to visit our website.
So I changed apache conf to let also the traffic without domain thru.
That works except that the SSL certificate is not valid in this case.
Ideally you want to generate a new certificate including all the domain names (example.com, www.example.com, mail.example.com, ftp.example.com) if I understand you correctly.
Yes. Can I change an existing certificate or do I have to create a new one?
You would register a “naked domain” (example.com) the same way you already registered the others. Just re-issue the cert and include example.com as one of the SANs (subject alt names).
Thank you all. I will renew the certificate.
If you are using certbot then use the --expand option to expand the certificate to include the additional domain name.
Thanks for the tip! I will use the --expand option.
One more question: I saw an example command in another blog post with a naked domain.
It had a minus symbol before the name, like -d -example.com
Do I have to put the minus symbol in front of the domain name?
No, not sure why it had that. If you can provide a link I’d be interested in seeing.
I tried to go thru the history of my browser to find that sample. But can’t find it anymore.
Anyway thanks for all the help.
As a reminder, currently in Certbot you need to list all of the domains (the old ones and the new one) when renewing this way. If you were to use only -d example.com without mentioning the existing names, it wouldn’t work properly.
Using multiple -d hosts can associate multiple hosts with a single cert. Just leave off the www.example.com to generate a cert for the bare domain.
letsencrypt certonly --agree-tos --email=your-email --webroot -w /var/www/html -d example.com
Keep in mind, this can cause all manner of subtle problems depending on your Apache config + what terminal/final link your site uses (bare domain or www).
Also keep in mind, many tools + even some broken browsers will attempt prefetching www, if www has ever been referenced. This can also cause hard to debug problems.
Due to the bare domain + www complexities, most examples show bare domain + www using the same cert.
Unless you’re a Command Line Shell Savant, best use bare domain + www for your main site certs.
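The situation from this thread (a certificate whose SANs list www, mail and ftp but not the bare domain, and the need to pass every name again when expanding), as an added example that is not part of any post. The SAN text is a constructed sample of `openssl x509 -noout -ext subjectAltName` output, the function names are hypothetical, and the script only prints the command it would suggest.

```shell
#!/bin/sh
# Added example; sample data is constructed, function names are hypothetical.
# Constructed sample of: openssl x509 -noout -ext subjectAltName -in cert.pem
SAMPLE_SAN_OUTPUT='X509v3 Subject Alternative Name:
    DNS:www.example.com, DNS:mail.example.com, DNS:ftp.example.com'

# san_names: read openssl SAN text on stdin, print one DNS name per line.
san_names() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# covers NAME: succeed if NAME matches one of the SANs read from stdin.
# Matching is case-insensitive. A wildcard SAN covers exactly one extra
# label, so *.example.com does not cover example.com.
covers() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r san; do
        san=$(printf '%s' "$san" | tr 'A-Z' 'a-z')
        if [ "$san" = "$want" ]; then return 0; fi
        case "$san" in
        '*.'*)
            base=${san#*.}
            if [ "${want#*.}" = "$base" ] && [ "$want" != "$base" ]; then
                return 0
            fi ;;
        esac
    done
    return 1
}

# expand_command NEWNAME: stdin is openssl SAN text. Prints a certbot command
# that repeats every existing name and appends NEWNAME. Authenticator options
# (for example --webroot -w <path>) are left for the operator to add.
expand_command() {
    names=$(san_names)
    if printf '%s\n' "$names" | covers "$1"; then
        printf 'already covered: %s\n' "$1"
        return 0
    fi
    cmd="certbot certonly --expand"
    for n in $names "$1"; do
        cmd="$cmd -d $n"
    done
    printf '%s\n' "$cmd"
}

printf '%s\n' "$SAMPLE_SAN_OUTPUT" | expand_command example.com
```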