Help adding/removing domain certificates


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: louisianaboilingpot.net and therareones.net

I ran this command: certbot certonly --expand -d louisianaboilingpot.net -d www.louisianaboilingpot.net -d therareones.net -d www.therareones.net

It produced this output: Successfully Created Certificates

My web server is (include version): Apache 2.4.35

The operating system my web server runs on is (include version): FreeBSD 11.2

My hosting provider, if applicable, is: Digital Ocean Droplet

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Questions:

Recently I added the following domains to my certificate - therareones.net and www.therareones.net. They were added successfully with the command issued above, however, I noticed I have only one certificate (louisianaboilingpot.net). Eventually, I may not want to own this domain (louisianaboilingpot.net) and thus remove the certificate. What happens to the other domains attached to this certificate? Additionally, what would happen to the directory /usr/local/etc/letsencrypt/live/louisianaboilingpot.net/ if the certificate was deleted or removed?

Also, is it possible to create multiple LE Certificates so that they exist under separate directories?

Thanks in advance,

Scott


#2

Certificates are only issued for 90 days.
The one certificate now should have all four names on it.
If you delete the certificate (via certbot command), the corresponding /live/ directory should also be deleted automatically; but you should realize that all four names will have no way to encrypt. So, you will have to then reissue cert(s) for the remaining names.
Yes, it is possible, and common, to have multiple certificates - each will have it’s own separate /live/ directory.


#3

rg305,

Thanks for the quick response. One question. To accomplish separate certificates with each in its own /live directory would you have to specify the --cert-path, --key-path, --fullchain-path and --chain-path on every certbot run?


#4

All that is automatic.
Simply run certbot once per separate cert.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.