How can I easily make the Base Name and Common Name the same?

I Virtual Host severals websites using Cento 6 and Apache. It wasn’t too difficult installing and using certbot-auto for the first time but I do have a question.

Is there an easy way to set the Base Name and Common Name (CN) from the command line. This worked fine for setting the Base Name, but the Common Name was still picked, alphabetically?

certbot-auto --apache --cert-name example.com

I’ve read in the forum that I need to create a list of all the domains manually, but I’ve seen conflicting info too.

The common name is set to is the first domain provided to the command.

For example, certbot run --apache -d bdomain.com -d adomain.com will use bdomain.com as the common name.

To change it, run something like:

certbot-auto run --certname yourcertnamedomain.com -d thedomainyouwantforthecommonname.com -d anotherdomain.com -d yetanotherdomain.com [...]

You must list all your domains over again when doing this.

2 Likes

I’ll give that a try. How is the domain list built on renewal? Is there a text file somewhere that I can edit the order in or should I always specify all of the domains in the cron job?

Would this retain the Base Name and Common Name once I’ve got it set right?

./path/to/certbot-auto renew

It is stored in the renewal configuration file, but you should not modify this file directly. Using certbot with the --cert-name option as described earlier will create a new certificate with the desired values and then update that file for you. and is the only way to update the domain list, as certbot just reads them from your last certificate.

[Thanks to schoen for the correction.]

It is not necessary nor is it recommended to run a full certbot issuance command in a cronjob. Instead...

...this is indeed what your cronjob should do.

This command checks your certificate's expiration date and only renews it 30 days in advance of expiry, so you should run it every day to make sure your certificates are renewed on time, even if there's an outage one day.

1 Like

Domains normally aren’t stored there, just in the certificate itself:

2 Likes

Thanks so much for the tips Seth & T.C. Hollingsworth.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.