One of the possible benefits of using --cert-name is that you can reuse a specific cert location already in use by nginx.
All you would have to do is restart/reload nginx to use the new cert.
To clarify: The cert name points to the specific cert being managed by certbot. Which is defined to be placed in a specific location:
Like: /etc/letsencrypt/live/{cert-name}/fullname.pem
In that sense, the cert name and location would remain the same - only the domains covered would change.
have an issue running the command:
sudo certbot certonly \
--manual \
--cert-name staging-certs \
--email user@site.com \
--preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual-public-ip-logging-ok \
sudo certbot certonly \
--manual \
--email user@site.com \
--preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual-public-ip-logging-ok \
-d *.concept.staging.smart48.com \
-d concept.staging.smart48.com \
-d *.staging.smart48.com \
-d staging.smart48.com
[sudo] password for ploi:
Use of --manual-public-ip-logging-ok is deprecated.
Use of --manual-public-ip-logging-ok is deprecated.
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: sudo certbot certonly
Why am I getting certbot: error: unrecognized arguments: sudo certbot certonly?
That seems to repeat some lines.
True, so adjusted and ran again
sudo certbot certonly \
--manual \
--cert-name staging-certs \
--email user@site.com \
--preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual-public-ip-logging-ok \
-d *.concept.staging.smart48.com \
-d concept.staging.smart48.com \
-d *.staging.smart48.com \
-d staging.smart48.com
Use of --manual-public-ip-logging-ok is deprecated.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.concept.staging.smart48.com and 3 more domains
An unexpected error occurred:
Error creating new order :: Domain name "concept.staging.smart48.com" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
so perhaps separate main sub or sub subdomain not necessary when we create wildcard domains?
Haha!
I hadn't even noticed that the wildcard makes the first one needless.
Try again without the line:
-d concept.staging.smart48.com \
Try it as:
[aligned for readability]
sudo certbot certonly \
--manual \
--cert-name staging-certs \
--email user@site.com \
--preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory \
-d *.concept.staging.smart48.com \
-d *.staging.smart48.com \
-d staging.smart48.com
Did jus that and it worked
sudo certbot certonly \
--manual \
--cert-name staging-certs \
--email user@site.com \
--preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual-public-ip-logging-ok \
-d *.concept.staging.smart48.com \
-d *.staging.smart48.com \
-d staging.smart48.com
Use of --manual-public-ip-logging-ok is deprecated.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.concept.staging.smart48.com and 2 more domains
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.concept.staging.smart48.com.
with the following value:
XBZIiEBI3ZtUJi11QhGBq6xV3RYwFcx_vc7r2EGjIYs
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.concept.staging.smart48.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/staging-certs/fullchain.pem
Key is saved at: /etc/letsencrypt/live/staging-certs/privkey.pem
This certificate expires on 2024-02-07.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
updated concept and staging nginx config files, tested with sudo nginx -t and all good. Then reloaded Nginx. Tested staging.smart48.com and https://t3st.concept.staging.smart48.com and both are working now so it seems to work. Also tested en.staging.smart48.com and no issues. Thanks so much @rg305 !
I'm glad to have been of service 
Next: We need to get from "--manual" to "automated" [but that is for another topic].
If you can, consider donating [any amount] to LE for their great service [and support].
And, if you care to be more than generous, you can also buy me a 
In any case, cheers from Miami!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.