How to set up the certificate for automatic renewal in the future?

I run our own Nginx on a CentOS server. However every time we’ve set up using this command:

certbot   certonly -a webroot --webroot-path=/home/dir  -d  -d

It somehow asks me for DNS verification. But this doesn’t auto-renew. Where can I find very clear, simple, instructions on how to set this up so that everything is done in a way that I don’t have to think about it again. I don’t need to become an expect at this. Just need to do this.

Note. The instructions here are either old or outdated:

Hi @PKHunter, could you show us the exact message that you get from Certbot in this case?

Hello, thank you! Actually after a while it seemed to work. Now I have a different question. IN executing that command we did the (and the www.) version of the domain. We’d also like to add the to the same certs if possible. Is this doable? We want to auto-redirect any visiting user to the same domain via a 301, which may be the .com domain. So we’re simply trying this out with the .io. Is this an Nginx problem and not an SSL problem?

You can put them both in the same certificate by just adding more -d options. But I didn’t understand whether you’ve succeeded in issuing the combined certificate (but just not gotten nginx to serve it up to visitors properly), or whether you’re still waiting to issue it.

Thank you. Issue now is that we ran that command already with the .io domains with the -d option. How can we now add the .com to the same certs?

You can run a similar command.

If all 4 websites are hosted on the same server and use the same web root, you can use:

certbot certonly -a webroot --expand --webroot-path=/home/dir -d -d -d -d

(If --expand is left out, Certbot will just ask if you want to replace the existing cert, or create a separate cert.)

If the .com site is hosted on the same server but uses a different web root, you can do something like:

certbot certonly -a webroot --expand --webroot-path=/home/dir -d -d --webroot-path=/var/www/domaincom/html -d -d

If the .com site is hosted on a different server, you should install Certbot on that server, and create a separate cert with something like:

certbot certonly -a webroot --webroot-path=/var/www/domaincom/html -d -d


This is very informative, it should be in the main documentation in exactly this lucid way. Wow, thank you!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.