I just installed certbot and followed these instructions. I was prompted to add a domain name so I did. But now I’m trying to create another certificate for a new domain name, and I’m lost on how I would go about doing so.
Now I want to create a certificate for api.example2.com, so I tried typing the same command again. But I got a prompt asking me which names I would like to activate HTTPS for, with the only option being api.example1.com
and it said that I successfully received a certificate. But I did not get any of the prompts I had gotten earlier (like "would you like to redirect HTTP to HTTPS"), and my domain doesn’t have HTTPS.
Additionally, when I try the old command sudo certbot --apache, the list only has api.example1.com.
Is the web server already configured with an HTTP virtual host for api.example2.com? For Certbot to suggest a hostname, it has to be configured -- and Certbot has to be able to understand the configuration.
The certonly command doesn't make any permanent changes to the web server configuration. (certonly --apache makes a temporary change to pass the validation.)
You can run Certbot again, without certonly, and it will offer to configure the web server. It should ask you whether you want to reuse the existing api.example2.com certificate or issue a new one; or you can pass the --reinstall option to stop it from asking.
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/api.param.me/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/api.param.me/privkey.pem
Your cert will expire on 2019-06-27. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
But my site still doesn’t have HTTPS… Is there anything I have to do manually? Other guides show adding this to the site’s .conf file:
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
Yes, the certonly command is intended for people who don’t want Certbot to install the certificate (because they prefer to install it themselves or because Certbot won’t know how to do it in their configurations). That’s why your original certificate was successfully installed by Certbot but your second certificate wasn’t—because by using certonly, you asked Certbot not to do so.
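A virtual-host pair for installing a certonly-issued certificate by hand, as an added example that is not part of the original thread. It assumes Apache 2.4.8 or later with mod_ssl loaded, a placeholder DocumentRoot, and that Certbot saved the files under live/api.example2.com following the path pattern in the output above; use the paths your own run printed.

```apache
# Added example, not from the thread. Assumptions: Apache 2.4.8+, mod_ssl
# enabled, placeholder DocumentRoot, certificate directory named after the host.

<VirtualHost *:443>
    ServerName api.example2.com
    DocumentRoot /var/www/api.example2.com

    SSLEngine on

    # fullchain.pem holds the leaf certificate followed by the intermediates,
    # so the separate SSLCertificateChainFile line from older guides is not
    # needed (that directive is deprecated since Apache 2.4.8).
    SSLCertificateFile    /etc/letsencrypt/live/api.example2.com/fullchain.pem

    # Reference the key in place through the live/ symlink instead of copying
    # it: the file keeps its restrictive permissions, and a renewed
    # certificate and key are picked up on the next Apache reload.
    SSLCertificateKeyFile /etc/letsencrypt/live/api.example2.com/privkey.pem
</VirtualHost>

# Manual equivalent of the "redirect HTTP to HTTPS" prompt that the
# installer asks when it configures the site itself.
<VirtualHost *:80>
    ServerName api.example2.com
    Redirect permanent / https://api.example2.com/
</VirtualHost>
```

Run apachectl configtest before reloading Apache so a mistyped path does not take the other sites down.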