How to add a new cert to current site that already has certs?

My domain is: sekretyrozwojuosobistego.pl
On Ubuntu, and Nginx

This site has two certs, for domain and www.sekretyrozwojuosobistego.pl

I need to create a new subdomain. dev.sekretyrozwojuosobistego.pl . What is the best way to do that?

The cert renewal was done in this way (@griffin helped): Produced an unexpected error: Missing command line flag or config entry for this setting: - #29 by seekman

How should I proceed to add a new cert based on that information?
Would just running certbot certonly and entering only the subdomain dev.sekretyrozwojuosobistego.pl when requested be enough, or would it delete the old certs?

Also, I wish I could keep the same nginx configuration, I mean to not create new file/folders, but to update the existing ones:

        ssl_certificate /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/privkey.pem;

Please help how I can achieve that

Unfortunately, certbot doesn't have a good (or any at all) interface for adding or removing hostnames from an already existing certificate. This is already known to the certbot team but hasn't gotten much attention unfortunately.

The best way to add or remove a hostname from an already existing certificate, is to use the same command as you've used to get the certificate in the first place and add (or remove) the extra hostnames you want to add. It's also always a good idea to use --cert-name so certbot knows exactly which certificate to update, so you don't end up with two separate certs.


I never did that. I think so... hmm..

Is that the right command?

        sudo certbot certonly --cert-name sekretyrozwojuosobistego.pl-0001 --nginx -d "dev.sekretyrozwojuosobistego.pl" --dry-run

or maybe:

        certbot --expand -d sekretyrozwojuosobistego.pl -d www.sekretyrozwojuosobistego.pl -d dev.sekretyrozwojuosobistego.pl

EDIT: I ran the second one and it looks like it worked


Could you please share the output of the command: certbot certificates

The fact you've got a certificate named with the "-0001" postfix tells me you might have duplicate certificates. That might be unnecessary.

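One way to check for the duplicate lineages mentioned above, and to confirm that the fullchain.pem path nginx points at belongs to a lineage covering the new subdomain. This is an added example, not code from anyone in the thread. The function names are hypothetical, the example.com sample is constructed, and it assumes the usual `certbot certificates` layout in which "Domains:" precedes "Certificate Path:".

```shell
#!/bin/sh
# Added example (not from the thread): audit `certbot certificates` output.
# Real use: sudo certbot certificates | find_overlapping_names

# Print every hostname that appears in more than one lineage, with the
# lineages that carry it. A "-0001" copy of an existing cert shows up here.
find_overlapping_names() {
    awk '
        /^[ \t]*Certificate Name:/ { name = $3 }
        /^[ \t]*Domains:/ {
            for (i = 2; i <= NF; i++) {
                h = $i
                if (h in owners) owners[h] = owners[h] " " name
                else owners[h] = name
                count[h]++
            }
        }
        END {
            for (h in count)
                if (count[h] > 1) print h ": " owners[h]
        }
    ' | sort
}

# Print the lineage whose fullchain.pem is FULLCHAIN_PATH if that lineage
# covers HOSTNAME; print nothing and return 1 otherwise.
lineage_covers() {   # usage: lineage_covers FULLCHAIN_PATH HOSTNAME
    awk -v path="$1" -v host="$2" '
        /^[ \t]*Certificate Name:/ { name = $3; covered = 0 }
        /^[ \t]*Domains:/ { for (i = 2; i <= NF; i++) if ($i == host) covered = 1 }
        /^[ \t]*Certificate Path:/ && $3 == path && covered { print name; found = 1 }
        END { exit !found }
    '
}

# Constructed sample (placeholder names; serial, expiry and key lines omitted).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: example.com-0001
    Domains: example.com www.example.com dev.example.com
    Certificate Path: /etc/letsencrypt/live/example.com-0001/fullchain.pem
EOF
}
```

On the sample, `lineage_covers` fails for the path under `live/example.com/` with `dev.example.com`, which is the situation where nginx keeps serving the old certificate even though a newer lineage includes the subdomain.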
