Need for revoke certificate when adding new domains

ppKrauss · November 1, 2016, 2:01pm

Hi all, I am using UBUNTU 16 LTS and my domain is yellowtown.org, it is using a certificate… But I need to add other domain in the same certificate, something like

letsencrypt --apache -d yellowtown.org -d OTHER.com -d ETC.etc

So, to not destroy or put in risk my public (the web user experience), what the fast, secure and simplest way to add a new domain? First to revoque with
letsencrypt revoke --cert-path /etc/letsencrypt/live/yellowtown.org/privkey.pem
? or only redo letsencrypt --apache above?

tialaramex · November 1, 2016, 2:06pm

Don’t revoke. Revocation is only for when you lose control over the private key associated with the certificate and thus nobody should trust it.

You should use the --expand flag, this tells certbot that you intend to replace your existing certificate with one that has an extra name in it.

You can just do the command without expand, but then you’ve got two different certificates available, and that’s confusing, so adding --expand is better in your case.

ppKrauss · November 1, 2016, 2:48pm

Thanks @tialaramex! A minor problem or bug: letsencrypt --help | grep expand, no mention to expand. How to use it, --apache --expand or only --expand?

tialaramex · November 1, 2016, 3:33pm

I believe it would be --apache --expand

serverco · November 1, 2016, 3:33pm

You can see the documentation at https://certbot.eff.org/docs/using.html#re-running-certbot (certbot is the new name for the letsencrypt client )

system · December 1, 2016, 3:34pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.