How to create certificate for new domain


#1

I just installed certbot and followed these instructions. I was prompted to add a domain name so I did. But now I’m trying to create another certificate for a new domain name, and I’m lost on how I would go about doing so

Earlier I had done:

sudo certbot --apache

and added api.example1.com

Now I want to create a certificate for api.example2.com, so I tried typing the same command again. But, I got a prompt asking me which names I would like to activate HTTPS for, with the only option being api.example1.com

So I tried

sudo certbot certonly -d api.example2.com --apache

and it said that I successfully received a certificate. But I did not get any of the prompts I had gotten earlier (like "would you like to redirect HTTP to HTTPS"), and my domain doesn’t have HTTPS.

Additionally, when I try the old command sudo certbot --apache, the list only has api.example1.com

So how would I create a new certificate for api.example2.com?


Web server: Apache 2.4.29

Operating system: Ubuntu 18.04

I can login to a root shell on my machine: Yes

Control Panel: No

Certbot Version: 0.31.0


#2

What are your real domains?

Is the web server already configured with an HTTP virtual host for api.example2.com? For Certbot to suggest a hostname, it has to be configured – and Certbot has to be able to understand the configuration.

The certonly command doesn’t make any permanent changes to the web server configuration. (certonly --apache makes a temporary change to pass the validation.)

You can run Certbot again, without certonly, and it will offer to configure the web server. It should ask you whether you want to reuse the existing api.example2.com certificate or issue a new one; or you can pass the --reinstall option to stop it from asking.


#3

Thanks for your reply.

I tried that and got this success message:

  Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/api.param.me/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/api.param.me/privkey.pem
   Your cert will expire on 2019-06-27. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"

But my site still doesn’t have HTTPS… Is there anything I have to do manually? Other guides show adding this to the site’s .conf file

SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/DigiCertCA.crt

#4

Hi @paramt

If you use certonly, you have to install the certificate manually.

But you can try

sudo certbot -d yourdomain --apache

then Certbot should ask if you want to install the existing certificate.


#5

Yes, the certonly command is intended for people who don’t want Certbot to install the certificate (because they prefer to install it themselves or because Certbot won’t know how to do it in their configurations). That’s why your original certificate was successfully installed by Certbot but your second certificate wasn’t—because by using certonly, you asked Certbot not to do so.
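
Added example, not part of the thread: a small check that tells apart the two conditions discussed above, whether Apache has a virtual host naming the host at all (#2) and whether a certificate issued with certonly is actually referenced by any virtual host (#4, #5). The function name, the state labels and the sample tree are constructed for illustration; on the Ubuntu system in the question the directories would be /etc/apache2/sites-enabled (assumed default layout) and /etc/letsencrypt/live.

```shell
#!/bin/sh
# Added example, not from the thread. Prints one state for a hostname:
#   no-vhost              no ServerName/ServerAlias names it
#   not-issued            vhost exists, no lineage under the live directory
#   issued-not-installed  lineage exists, no SSLCertificateFile points at it
#   installed             a vhost's SSLCertificateFile points at the lineage
cert_state() {
    domain=$1 sites=$2 live=$3
    # Exact, case-insensitive match against each ServerName/ServerAlias token.
    if ! grep -rEih '^[[:space:]]*Server(Name|Alias)[[:space:]]' "$sites" |
        awk -v d="$domain" '{ for (i = 2; i <= NF; i++) if (tolower($i) == tolower(d)) f = 1 }
                             END { exit !f }'; then
        echo no-vhost; return
    fi
    [ -e "$live/$domain/fullchain.pem" ] || { echo not-issued; return; }
    # Fixed-string match on the lineage path avoids regex escaping of dots.
    if grep -rEih '^[[:space:]]*SSLCertificateFile[[:space:]]' "$sites" |
        grep -Fq "$live/$domain/"; then
        echo installed
    else
        echo issued-not-installed
    fi
}

# Constructed sample tree: example1 installed, example2 issued with certonly only.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/sites" "$t/live/api.example1.com" "$t/live/api.example2.com"
    : > "$t/live/api.example1.com/fullchain.pem"; : > "$t/live/api.example2.com/fullchain.pem"
    cat > "$t/sites/example1-le-ssl.conf" <<EOF
<VirtualHost *:443>
    ServerName api.example1.com
    SSLCertificateFile $t/live/api.example1.com/fullchain.pem
    SSLCertificateKeyFile $t/live/api.example1.com/privkey.pem
</VirtualHost>
EOF
    cat > "$t/sites/example2.conf" <<EOF
<VirtualHost *:80>
    ServerName api.example2.com
</VirtualHost>
EOF
    for d in api.example1.com api.example2.com api.example3.com; do
        printf '%s %s\n' "$d" "$(cert_state "$d" "$t/sites" "$t/live")"
    done
    rm -rf "$t"
}
demo
```

To check a real host, call cert_state with the hostname and the two directories named above, run with sudo as the certbot commands in the thread are. A result of issued-not-installed is the situation described in #3.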