How to add a new cert to current site that already has certs?

seekman · August 8, 2021, 7:00pm

My domain is: sekretyrozwojuosobistego.pl
On Ubuntu, and Nginx

This site has two certs, for domain and www.sekretyrozwojuosobistego.pl

I need to create a new subdomain. dev.sekretyrozwojuosobistego.pl . What is the best way to do that?

The cert renewal was done in this way (@griffin helped): Produced an unexpected error: Missing command line flag or config entry for this setting: - #29 by seekman

How should I proceed to add a new cert based on that information?
Would just a certbot certonly and put only the sudomain dev.sekretyrozwojuosobistego.pl when requested would be enough, or it would delete the old certs?

Also, I wish I could keep the same nginx configuration, I mean to not create new file/folders, but to update the existing ones:

        ssl_certificate /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/privkey.pem;

Please help how I can achieve that

Osiris · August 8, 2021, 7:22pm

Unfortunately, certbot doesn't have a good (or any at all) interface for adding or removing hostnames from an already existing certificate. This is already known to the certbot team but hasn't gotten much attention unfortunately.

The best way to add or remove a hostname from an already existing certificate, is to use the same command as you've used to get the certificate in the first place and add (or remove) the extra hostnames you want to add. It's also always a good idea to use --cert-name so certbot knows exactly which certificate to update, so you don't end up with two separate certs.

seekman · August 8, 2021, 7:39pm

I never did that. I think so... hmm..

Is that the right command?

sudo certbot certonly --cert-name sekretyrozwojuosobistego.pl-0001 --nginx -d "dev.sekretyrozwojuosobistego.pl" --dry-run

or maybe:
certbot --expand -d sekretyrozwojuosobistego.pl -d www.sekretyrozwojuosobistego.pl -d dev.sekretyrozwojuosobistego.pl

EDIT: I run the second one and it looks like it worked

Osiris · August 8, 2021, 8:20pm

Could you please share the output of the command: certbot certificates

The fact you've got a certificate named with the "-0001" postfix tells me you might have duplicate certificates. That might be unnecessary.

system · September 7, 2021, 8:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to add a new certificate to a new website? Help	2	212	July 6, 2024
How to add a subdomain to my existing SSL certificate secured by Certbot on Ubuntu 22.04? Help	7	3098	September 21, 2023
Add new subdomains Help	3	444	August 2, 2021
Add new domains to exisiting cert that's already have multiple domains on hosting Help	2	507	December 21, 2019
Adding domains to current certificate Server	10	6638	October 19, 2017

How to add a new cert to current site that already has certs?

Related topics