How to add a domain to an existing set of certs using acme.sh?

My domain is: trillionpictures.com + starsandstrife.com

I ran this command: acme.sh --webroot /path/to/public_html --issue -d starsandstrife.com -d www.starsandstrife.com

It produced this output: Cert success

My web server is Apache

The operating system my web server runs on is (include version): linux

My hosting provider, if applicable, is: InMotionHosting.com

I can login to a root shell on my machine: No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is : acme.sh v2.8.6

I’ve got an existing set of certs in trillionpictures.com
Trying to add starsandstrife.com.
running the following doesn’t seem to be doing the trick:
acme.sh --webroot /path/to/public_html --issue -d starsandstrife.com -d www.starsandstrife.com
That seems to sets itself up as its own independent cert separate from the others, and which, if installed, uninstalls all the others. So ideally instead of ‘–issue’ I’l looking for something more along the lines of ‘–add-to’

I’m not sure that there exists a command to achieve that.

Last time I had to do this, I modified the Le_Alt= line (which contains the list of alternate domains) in the ~/.acme.sh/$DOMAIN/$DOMIAN.conf file, and then forced a renewal.

@Neilpang is there a better way?

I tried that as well, and it didn’t work. Or rather attempted to do that. Will re-try.

Thanks for the suggestion.

I don’t think that is a possible choice/action.

Please show the output of:
{whatever may be needed here}acme.sh --list

You might have to delete the existing .csr (and modify the .csr.conf maybe?), if it’s there.

Be careful trying again, you could blow through rate limits accidentally.

It sounds like all you need to do is --issue a new cert will ALL the names you want on it.
Then --remove all the certs you no longer need.
[--remove will not actually delete anything (cert&key), it only removes it from the “list” disabling things like --renew-all]

Please show the output of acme.sh --list

Main_Domain KeyLength SAN_Domains Created Renew born2.run "" www.born2.run,starsandstrife.com,www.starsandstrife.com Wed Sep 16 23:57:51 UTC 2020 Sun Nov 15 23:57:51 UTC 2020 longplay.trillionpictures.com "" www.longplay.trillionpictures.com Sun Aug 30 07:13:05 UTC 2020 Thu Oct 29 07:13:05 UTC 2020 munich72.trillionpictures.com "" www.munich72.trillionpictures.com Sat Aug 1 07:01:52 UTC 2020 Wed Sep 30 07:01:52 UTC 2020 runwithme.trillionpictures.com "" www.runwithme.trillionpictures.com Sat Aug 1 07:02:14 UTC 2020 Wed Sep 30 07:02:14 UTC 2020 sevendeadlysins.trillionpictures.com "" www.sevendeadlysins.trillionpictures.com Sat Aug 1 07:02:27 UTC 2020 Wed Sep 30 07:02:27 UTC 2020 starsandstrife.com "" www.starsandstrife.com Thu Sep 17 00:29:28 UTC 2020 Mon Nov 16 00:29:28 UTC 2020 trillionpictures.com "" www.trillionpictures.com,totallypostal.net,www.totallypostal.net,starsandstrife.com,www.starsandstrife.com,feathercollectionproject.com,www.feathercollectionproject.com,www.born2.run,born2.run,fixitamerica.org,www.fixitamerica.org,keeperofthedream.net,www.keeperofthedream.net,opq-design.com,www.opq-design.com,radical4.media,www.radical4.media,radical4media.com,www.radical4media.com,samself.com,www.samself.com,savingbarbarasizemore.com,www.savingbarbarasizemore.com Sun Aug 30 08:18:16 UTC 2020 Thu Oct 29 08:18:16 UTC 2020 www.trillionpictures.com "" no Sat Aug 1 07:04:38 UTC 2020 Wed Sep 30 07:04:38 UTC 2020

And what are the names you need to “join” into a single cert?

? ? ?

And what are the names you need to “join” into a single cert?

starsandstrife.com & www.starsandstrife.com

(which are already there)

Those two names already exist in three certs:
born2.run
starsandstrife.com
trillionpictures.com

What am I missing?

From what I’m reading, the problem is with your use of the certs.
You need to be clear on which cert to use with which domain name.

From what I can tell, you can already cover all the names with these certs (and --remove all the rest):

longplay.trillionpictures.com 			Sun Aug 30 07:13:05 UTC 2020 Thu Oct 29 07:13:05 UTC 2020 
munich72.trillionpictures.com 			Sat Aug 1 07:01:52 UTC 2020 Wed Sep 30 07:01:52 UTC 2020 
runwithme.trillionpictures.com 			Sat Aug 1 07:02:14 UTC 2020 Wed Sep 30 07:02:14 UTC 2020 
sevendeadlysins.trillionpictures.com 	Sat Aug 1 07:02:27 UTC 2020 Wed Sep 30 07:02:27 UTC 2020 
trillionpictures.com 					Sun Aug 30 08:18:16 UTC 2020 Thu Oct 29 08:18:16 UTC 2020 

Those two names already exist in three certs:
born2.run
starsandstrife.com
trillionpictures.com

If I’m understanding correctly, you’re saying they have been issued previously and separately. If so, very possible. In the case of starsandstrife, most definitely, on a different account / server which apparently crashed this morning. They’ve been unable to revive it, so I moved the site over to this shared hosting account.

If there is a way to revoke / remove prior certs, I’m happy do do it.

Never REVOKE without having a real reason for that (like a compromise).

Yes, with:
{whatever may be needed here}acme.sh --remove certname
[the certname is the first field in the output of --list]

From what I can tell, you can already cover all the names with these certs

The problem occurs not when running acme.sh (which shows ‘starsandstrife’ as included) but when I’m in cPanel > SSL/TLS managing the SSL hosts.
There the starsandstrife is listed but as a certificate not installed. Attempting to install it using ‘trillionpicures.com’ doesn’t work. Attempting to install it using ‘starsandstrife’ does work, except that in doing so all the certs under trillionpictures that had been working cease working. ??

Does your cPanel support getting the certs by itself?
[why do you need acme.sh?]

Does your cPanel support getting the certs by itself?

If you mean can cPanel do the SSL automatically: No.

If you mean can I choose the domain directly and install for that cert? Yes. cPanel suggests it’s working, but loading the site in the browser indicates it does not (even after clearing cache etc)

The last cert seems a bit off too:

www.trillionpictures.com "" no Sat Aug 1 07:04:38 UTC 2020 Wed Sep 30 07:04:38 UTC 2020

The name is “www.trillionpictures.com” and the (FQDN) names covered are "no"

So how best to clear up?