Hello @dusek,
This post won’t be too useful but…
1) Remove a domain to renew existing certificate.
I’ve been testing it with several domains and several options and no matter what I do, I always get a new -t0001 domain with new certs. So for this you will have to wait until someone can explain how we could do it (without removing all related data to this existing certificate).
Note: I tested it several times using --duplicate, --expand and --reinstall switches but nothing works, all of them create a new -t000x suffix.
2) Add a domain to renew existing certificate.
I’ve tested it creating a cert for 2 domains and when renewed, I’ve added a new domain and it worked fine using the --expand switch, it creates a new cert inside the same dir (without adding -t0001 suffix to domain dir).
Help for expand switch:
  --expand    If an existing cert covers some subset of the
              requested names, always expand and replace it with the
              additional names. (default: False)
The config file I’ve used in /etc/letsencrypt/test.domain.tld.ini:
staging
text
renew-by-default
agree-tos
register-unsafely-without-email
rsa-key-size = 4096
authenticator = webroot
webroot-path = /path/to/domain.tld
domains = t1.domain.tld,t2.domain.tld
The command used to create the first certificate for 2 domains:
./letsencrypt-auto certonly --config /etc/letsencrypt/test.domain.tld.ini
Once created, I modified the ini file /etc/letsencrypt/test.domain.tld.ini to add a new domain (t3.domain.tld):
staging
text
renew-by-default
agree-tos
register-unsafely-without-email
rsa-key-size = 4096
authenticator = webroot
webroot-path = /path/to/domain.tld
domains = t1.domain.tld,t2.domain.tld,t3.domain.tld
And this time I executed the letsencrypt-auto command but adding the --expand switch:
./letsencrypt-auto certonly --config /etc/letsencrypt/test.domain.tld.ini --expand
And it created a new cert for 3 domains in the same place, replacing the previous cert.
At least you know that adding a new domain won’t break your config.
Cheers,
sahsanu
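
An added example, not part of sahsanu's post and not code from the Let's Encrypt client: a pre-flight check that compares the `domains` line of the ini file with the names in the certificate currently being served, so you know before running the client whether the change is the add-a-name case that the post found works in place with --expand, or a change that the post found ends up in a new suffixed directory (leaving any web server config that points at the old path serving the old certificate). The function names and result labels are hypothetical, and the certificate text is a constructed sample in the layout printed by `openssl x509 -noout -text`.

```python
import re

# Constructed sample: the ini from the post after adding t3.domain.tld.
SAMPLE_INI = """\
staging
renew-by-default
authenticator = webroot
webroot-path = /path/to/domain.tld
domains = t1.domain.tld,t2.domain.tld,t3.domain.tld
"""

# Constructed sample: SAN section as printed by `openssl x509 -noout -text`
# for the two-name certificate that is currently installed.
SAMPLE_CERT_TEXT = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:t1.domain.tld, DNS:t2.domain.tld
"""

def ini_domains(ini_text):
    """Return the names on the `domains = ...` line of the ini file."""
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "domains":
            return {d.strip().lower() for d in value.split(",") if d.strip()}
    return set()

def cert_sans(cert_text):
    """Return the DNS names listed under Subject Alternative Name."""
    lines = cert_text.splitlines()
    for i, line in enumerate(lines[:-1]):
        if "Subject Alternative Name" in line:
            return {n.lower() for n in re.findall(r"DNS:([^,\s]+)", lines[i + 1])}
    return set()

def classify(requested, existing):
    """Label the change (labels are this example's own, not the client's)."""
    if not existing:
        return "first-issue"      # nothing installed yet
    if requested == existing:
        return "unchanged"        # plain renewal of the same names
    if existing < requested:
        return "expand"           # names only added: the post's working case
    return "not-in-place"         # a name removed or swapped: post saw a new suffix

if __name__ == "__main__":
    print(classify(ini_domains(SAMPLE_INI), cert_sans(SAMPLE_CERT_TEXT)))
```

When the result is "not-in-place", check which directory the web server's certificate paths point to after the run.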