How to add domain to the certificate?


#1

I installed letsencrypt certificate and during the installation it asked me if i want to add certificate to domain.com, or www.domain.com, or both and i choose the second option www.domain.com. Now i want to add certificate to domain.com also. How to do that?


#2

try:
certbot renew -d domain.com -d www.domain.com


#3

It didn’t worked. Also i get this message:

Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.


#4

try
certbot renew --expand domain.com,www.domain.com
or
certbot renew --cert-name www.domain.com -d domain.com,www.domain.com

if all else fails delete the existing cert and reissue a new cert with both names.


#5

For the first command i get error:

certbot: error: unrecognized arguments: domain.com,www.domain.com

The second also didn’t worked and i get the same message as the one i posted above.

How to delete existing certificate?


#6

show the cert(s):
certbot certificates


#7

This is what ‘certbot certificates’ shows:

Found the following certs:
Certificate Name: www.domain.com
Domains: www.domain.com
Expiry Date: 2018-08-05 12:02:35+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/www.domain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.domain.com/privkey.pem

Do i have to delete /etc/letsencrypt/ directory?


#8

No.

Try:
certbot delete --cert-name www.domain.com
then check that it is gone:
certbot certificates

If gone, then reissue a new cert and choose both names.


#9

I deleted the certificate.
Just to be sure, is this the right way to install the certificate:

sudo certbot --apache


#10

It can be one right way, if you’re using Certbot and Apache.

Is it the command you used to create the certificate before? If so, you can use it again.

If you select a superset of the names you chose before – with -d arguments, or interactively – it will be happy to replace the existing certificate.

It’s not necessary to delete the existing certificate first.

Actually, if Apache is currently configured with certificate files that no longer exist, it will fail to reload or restart until it’s fixed. What’s best depends on what you’ve done earlier, but you could restore a backup, or use “certbot certonly --webroot” to issue new certificates without reloading Apache, or use “certbot rollback” to undo the Apache configuration changes, or disable virtual hosts or edit the Apache configuration on your own. (Those commands may require additional arguments.)


#11

It worked with the command ‘sudo certbot --apache’. But i had to delete the ssl virtual host file otherwise apache wouldn’t start.


#12

These commands are invalid. certbot renew can’t modify the certificates that it’s asked to renew. Only certbot certonly or certbot run can do that.


#13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.