How to Force a New Certificate

Help
1

My domain is: https://www.londonyogafactory.co.uk/
I ran this command: sudo certbot
My web server is (include version): AWS EC2 AMI 2
The operating system my web server runs on is (include version): Amazon Linux 2 AMI
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine: Yes
I’m using a control panel to manage my site: No
The version of my client is: 0,39.0

Hi

I'm trying to force a new certificate for the domain above.

In this document:
https://certbot.eff.org/docs/using.html

It says:

certbot --expand -d existing.com -d example.com -d newdomain.com

Consider using --cert-name instead of --expand, as it gives more control over which certificate is modified and it lets you remove domains as well as adding them.

Therefore, I tried the following:

certbot --cert-name -d londonyogafactory.co.uk -d www.londonyogafactory.co.uk

and got the following error message:

usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --cert-name: expected one argument

Can somebody help me?

Kind Regards,
Adrian

2

You forgot the actual name for the --cert-name option. See for more information all the options for certbot: User Guide — Certbot 2.7.0.dev0 documentation

With certbot certificates you can see the names of the certificates. Choose the certificate which you want to expand and use that certificate name as option for --cert-name.

Also: I'm not really sure you want to expand with that specific command? All the certificates for that domain already have the www subdomain listed?

3

Sorry Osiris, I'm still confused.

I just copied the example in the help documentation.

Do you have an example that I could copy?

My problem is described in this post.

4

There

you have already the solution.

--cert-name requires a value, check your config with certbot certificates to find the name of your existing certificate and use that.

5

@JuergenAuer

  1. In the first post you instructed me to use the --cert-name option.
  2. I copied the --cert-name example from the user guide and got an error message.
  3. I opened this ticket to report that issue.
  4. I referenced the other ticket because @Osiris questioned my use of this command

According to the user guide the following two commands should work.

certbot --expand -d existing.com -d example.com -d newdomain.com

certbot --cert-name -d existing.com -d example.com -d newdomain.com

The user guide does not mention including a certificate name and it would be helpful if it was updated to describe where and how to use/get the certificate name.

6

Where did you literally read that?

The user guide doesn't say: "replace --expand with --cert-name". It only says: "in stead of using the option --expand please use the option --cert-name". It shouldn't be necessary for it to say "and use --cert-name in the correct way like it is explained in the --cert-name part of this documentation". Which by the way is just thirteen rows below.

The documentation assumes the reader looks up the part of --cert-name where the reader will learn how to use that option. The documentation never says anything about directly replacing the one command for another in the example.

7

@Osiris you are 100% right - but I am new to certbot and it’s easy to get confused. An example would really help.

8

See from my previous post:

And with "the names of the certificates" I mean the certificates known by certbot. And in stead of "which you want to expand" you could also read "which you want to change".

9

Many thanks for your help @Osiris

10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.