Hi @codeman1234,
@motoko already explained how it works and your alternatives so I just want to answer this question:
The easy way and following the same approach as the doc you pointed out, the first thing you should check is the cert name, the one which have your 2 domains mydomain.com
and www.mydomain.com
cd /usr/local/letsencrypt
sudo ./letsencrypt-auto certificates
This command will give you a list of the certificates you own, something like this:
-------------------------------------------------------------------------------
Found the following certs:
Certificate Name: sub.example.com
Domains: sub.example.com
Expiry Date: 2017-08-07 17:28:00+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/sub.example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/sub.example.com/privkey.pem
Certificate Name: mydomain.com
Domains: mydomain.com www.mydomain.com
Expiry Date: 2017-08-07 18:24:00+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/mydomain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mydomain.com/privkey.pem
-------------------------------------------------------------------------------
Here are 2 certificates, you should pay attention to the Domains, the certificate that has your 2 domains and remember the Certificate Name you see in that output, in this case, the Certificate Name is mydomain.com
. We will use this name to expand or new certificate containing the cdn domain.
So, if you issued your first cert containing both domains like this:
cd /usr/local/letsencrypt
sudo ./letsencrypt-auto --apache -d mydomain.com -d www.mydomain.com
Now you should add the parameter --cert-name
using the Certificate Name that we saw above and the new domain
cd /usr/local/letsencrypt
sudo ./letsencrypt-auto --apache --cert-name mydomain.com -d mydomain.com -d www.mydomain.com -d cdn.mydomain.com
And letsencrypt-auto will ask if you want to update the certificate:
-------------------------------------------------------------------------------
Confirm that you intend to update certificate mydomain.com to include domains
[u'mydomain.com', u'www.mydomain.com', u'cdn.mydomain.com']. Note that it previously
contained domains [u'mydomain.com', u'www.mydomain.com'].
-------------------------------------------------------------------------------
(U)pdate cert/(C)ancel: U
Just answer U to update and wait till the new cert is issued and you will have a new cert containing the 3 domains in the same place as the previous one.
Just in case, always backup /etc/letsencrypt/ just in case ;).
I hope this helps.
Cheers,
sahsanu