How to add a domain to an existing set of certs using acme.sh?

  1. ensure cPanel is NOT using that cert.
    It can use the “trillionpictures.com” cert instead
  2. --remove the cert:
    {whatever may be needed here}acme.sh --remove www.trillionpictures.com

OK, done. But didn’t resolve the issue.

In cPanel, when installing ‘trillionpictures.com’, it throws this note…

The SSL website is also accessible via these domains, but the certificate does not support them. Web browsers will show a warning when accessing these domains via HTTPS: starsandstrife.com

That flies in the face of:

trillionpictures.com "" www.trillionpictures.com,totallypostal.net,www.totallypostal.net,starsandstrife.com,www.starsandstrife.com,feathercollectionproject.com,www.feathercollectionproject.com,www.born2.run,born2.run,fixitamerica.org,www.fixitamerica.org,keeperofthedream.net,www.keeperofthedream.net,opq-design.com,www.opq-design.com,radical4.media,www.radical4.media,radical4media.com,www.radical4media.com,samself.com,www.samself.com,savingbarbarasizemore.com,www.savingbarbarasizemore.com Sun Aug 30 08:18:16 UTC 2020 Thu Oct 29 08:18:16 UTC 2020 

Which includes:
starsandstrife.com,www.starsandstrife.com

Check your cPanel config for that domain - it might need to be using this same cert (not sure).

That flies in the face of: [etc]

My feeling exactly.

Check your cPanel config for that domain - it might need to be using this same cert (not sure).

That’s exactly the intention, but it seems not to be the case, and I’m not aware of how I can have control over that.

cPanel not happy with the change:

please use --issue to issue a new cert again.

There is no recommended way to append a domain to an existing cert.

please use --issue to issue a new cert again.

Done that multiple times. No luck.
Could it be that because the cert was issued on a different server, the one that went down this morning, that it’s somehow stuck in limbo now that there is no longer access to that machine?

trillionpictures.com seems to be OK.
But it is using a completely different cert than any listed by acme.sh:


[includes additional domain names and expires Nov 28 - none of your certs expire that day]

There is some other system involved that is also issuing certs.
OR
You are NOT on the same system… Internet IP 74.124.198.78
OR
cPanel doesn’t use the certs directly from the acme.sh folder
[did you miss a step between get cert and use cert with cPanel?]

Yeah, I’m not seeing it listed in the grab you posted, nor on my end.
cPanel allows me to select the starsandstrife domain directly and install that, and all seems to go well BUT checking it in a browser fails.

“Where is cPanel selecting from?” is the key question here.
And then, naturally, “How do you get your new certs into that location?”

I’m assuming it’s looking in the .acme.sh directory. Beyond that I don’t know cPanel’s inner thoughts.

I have to assume otherwise.

  1. acme.sh is not included as a standard install with cPanel.
  2. a cert in use (shown above) did not come from the acme.sh --list

There’s been no cert installation available through this cPanel.
But I’ve been installing certs on this server for many years first using certbot on a local machine to generate and then upload the certs, more recently in an automated way using acme.sh and a cron. It’s been working well and reliably with acme.sh, until this morning’s big server meltdown.

I found an ancient post that says they may be located here:

/usr/share/ssl/private/
/usr/share/ssl/certs/

Try listing those folders.

Can you show the cron job?

ls -al /usr/share/ssl

Results: cannot access /usr/share/ssl: No such file or directory

After you show the cron job.
Try:
find / -name certs

Cron job: "~/.acme.sh"/acme.sh --cron --home "~/.acme.sh" > /dev/null

Well that’s just for renewals (normally)…

I came across this:

/root/.acme.sh/deploy/cpanel_uapi.sh

But I’m not sure how to use it nor if your system is using it.
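
Added example, not posted by anyone in the thread: a small shell check of whether an `acme.sh --list` row, in the layout quoted above, covers a given hostname, so the cPanel warning can be compared against what acme.sh actually holds. It goes beyond the thread by also handling wildcard entries. The function names `cert_covers` and `missing_hosts` are hypothetical, and the sample row is constructed from the one in the thread with the SAN list shortened.

```shell
#!/bin/sh
# Constructed sample in the layout of the `acme.sh --list` row quoted in the
# thread: Main_Domain  KeyLength  SAN_Domains  Created  Renew (SANs shortened).
SAMPLE_ROW='trillionpictures.com "" www.trillionpictures.com,starsandstrife.com,www.starsandstrife.com Sun Aug 30 08:18:16 UTC 2020 Thu Oct 29 08:18:16 UTC 2020'

# cert_covers ROW HOSTNAME   (hypothetical helper)
# Returns 0 if HOSTNAME equals the main domain or a SAN entry in ROW, or
# matches a wildcard entry (*.example.com covers exactly one extra label).
cert_covers() {
    row=$1
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    printf '%s\n' "$row" | awk -v host="$host" '
        {
            # Field 1 is the main domain, field 3 the comma-separated SANs.
            n = split($1 "," $3, names, ",")
            for (i = 1; i <= n; i++) {
                name = tolower(names[i])
                if (name == host) { found = 1 }
                if (substr(name, 1, 2) == "*.") {
                    suffix = substr(name, 2)          # ".example.com"
                    hl = length(host); sl = length(suffix)
                    if (hl > sl && substr(host, hl - sl + 1) == suffix) {
                        label = substr(host, 1, hl - sl)
                        if (index(label, ".") == 0) { found = 1 }
                    }
                }
            }
        }
        END { exit(found ? 0 : 1) }'
}

# missing_hosts ROW HOST...   (hypothetical helper)
# Prints each HOST the row does not cover; returns 1 if any are missing.
missing_hosts() {
    row=$1; shift
    rc=0
    for h in "$@"; do
        cert_covers "$row" "$h" || { printf '%s\n' "$h"; rc=1; }
    done
    return $rc
}
```

If a hostname is covered here but the browser still warns, the certificate being served is not the one acme.sh lists, which is the "where is cPanel selecting from?" question raised above.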