Is there a limit on subdomains?

My domain is:

I ran this command:
sudo certbot --nginx -d

It produced this output:
I got success but a number of new subdomains that I have setup don’t appear to be getting added to the cert. I feel like I am capped or limited somehow… In truth, the initial certbot --nginx commands are straight forward, I am certain that I don’t fully understand how to augment my certs properly. Thank you for any help you can offer and what a great product/service you have.


My web server is (include version): nginx 1.14

The operating system my web server runs on is (include version): ubuntu 18

My hosting provider, if applicable, is: AWS/EC2

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

There's an --expand option for that: User Guide — Certbot 1.21.0 documentation

But a good place to start would be to list all of your certificates:

 certbot certificates

and tell us what changes you want to make to that list.

1 Like

I think I get it, there are multiple cert files being created and I thought it was all being handled from one


Expiry Date: 2019-11-04 17:40:17+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

Thanks, I was looking for a way to list certificates, I didn’t find it initially and I had other priorities. Thanks so much

Great. In general, the key to not creating duplicates is to use --cert-name, e.g.:

certbot --nginx --cert-name \
-d first-domain -d second-domain -d ...

You guys have thought this all through very well, extremely useful, I will be creating a script to discombobulate my life in the future.

Thanks again

1 Like

Hmm I think it's still not working ..

Do I have to wait a while? I've tried the following command and updated my nginx.conf

sudo certbot --nginx --cert-name -d

ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot 
include /etc/letsencrypt/options-ssl-nginx.conf; 
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 

The strange thing is almost all of my other subdomains work. Just a couple new ones that don't work.


What is the specific problem you're experiencing?

I can see your certificate - website works just fine.

Have you tried closing the browser tab and opening a new one? Sometimes they're dumb and retain SSL errors even after the problem that caused the error is fixed.


It must be chrome then, for me it says it is an insecure site.

Thanks for responding again.

Oh yeah new tab fixed it, thanks

1 Like

Hi @jeromystewart

if you use the -d option, one certificate with this list of domain names is created.

You use one -d - option -->> your certificate has one domain name.

Checking your main domain ( ):

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-08-09 2019-11-07
1 entries duplicate nr. 2
Let's Encrypt Authority X3 2019-08-08 2019-11-06
1 entries duplicate nr. 1
Let's Encrypt Authority X3 2019-08-06 2019-11-04
1 entries duplicate nr. 1
Let's Encrypt Authority X3 2019-08-06 2019-11-04,,,,,,,,,,,,,,,,,,,
20 entries duplicate nr. 1
Let's Encrypt Authority X3 2019-08-03 2019-11-01,,,,,,,,,,,,,,,,,,
19 entries
Let's Encrypt Authority X3 2019-08-01 2019-10-30,,,,,,,,,,,,,,,,,
18 entries

Copied only the newest results.

If you have a lot of subdomains, you have two options:

  • creating one certificate with all subdomains. You can add max. 100 domain names in one certificate. So 20 << 100, you can add a lot of new subdomains. But then you need (if you use the -d option) always a list of all subdomains. That's complicated.
  • creating one certificate per subdomain. You can create max. 50 new certificates per domain per week. Then you need one vHost per subdomain

Checking your list - there are new subdomains, but not 50 in one week. Currently, 20 subdomains.

So creating one certificate per subdomain should work without hitting a limit.

Both versions (one certificate with all subdomains or one certificate per subdomain) are possible.

1 Like

Thank you for your input. The major setback at this moment is every client/partner wants me to know, learn and master a dozen different technologies. I must add letsencrypt to that list … my real issue is time. Thanks so much for all of your help. I think I am slowly arriving at an approach that will allow me to manage all of the subdomains …


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.