Nginx add new subdomain

I have already installed Let’s encrypt on my web server (Ubuntu 16.04) running with Nginx for domains :slight_smile:

To update my SSL certificate, it’s done with a crontab:
0 0 * * MON,THU /usr/bin/certbot renew --quiet

I would like to add a fifth one which would be How to? I have seen that the option –expand should be used but with certbot-auto which is not installed on my server.
certbot-auto: command not found



Please clarify your question.

Do you want to add a domain to your SAN or you want to create a completely new certificate and add to renewal?

Thank you

I want to add domain to my SAN. I have all .pem files here:


And want to keep them here.


----------------Update -------------------------
@sahsanu’s answer is better than mine.

---------------end update--------------------
In this case, you will need to run
certbot-auto --expand -d -d -d -d -d

However, I’m not sure if certbot-auto can keep certs in the same place since the doc said it will create a new directory instead of update in place.

Thank you.

For these cases it is better to use --cert-name instead of --expand. Following your example:

certbot-auto --cert-name -d -d -d -d -d

1 Like

Ok, thank you.
What is the difference between certbot and certbot-auto because certbot-auto is not installed on my server? Do I have to install it?

root@myserver-01# locate certbot|grep bin

No, there is no need to install certbot-auto, use just certbot. Parameter --cert-name was introduced on certbot version 0.10.0 so you should not have issues to use it.

certbot-auto is used for Linux Distributions that doesn't package certbot or the certbot packaged is too old.

Unfortunately it failed:

certbot --cert-name -d -d -d -d -d

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

You are updating certificate to include domains:,,,,

It previously included domains:,,,

Did you intend to make this change?
                     (U)pdate cert/(C)ancel: U
Renewing an existing certificate
Performing the following challenges:
                     tls-sni-01 challenge for
tls-sni-01 challenge for
tls-sni-01 challenge for
tls-sni-01 challenge for 

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

In the log file /var/log/letsencrypt/letsencrypt.log we have

Traceback (most recent call last):
             File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.19.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/dist-packages/certbot/", line 861, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/dist-packages/certbot/", line 692, in run
domains, certname = _find_domains_or_certname(config, installer)
File "/usr/lib/python2.7/dist-packages/certbot/", line 292, in _find_domains_or_certname
raise errors.Error("Please specify --domains, or --installer that "

Hi @defacta,

tls-sni-01 challenge has been disabled due several security issues so you can’t use it. In certbot version 0.21.0 it has been corrected so nginx plugin doesn’t try to use this challenge but uses http-01. In your case you could try to use webroot to validate the challenge and the nginx plugin just to install them.

certbot -a webroot -i nginx --cert-name -d -d -d -d -d


Ok done,

I have installed the official certbot package with apt-get install certbot. Now my version is 0.21.1. I had 0.19 version.

I had to summarize my default config file of Nginx /etc/nginx/sites-available/default to:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /var/www/example_prod;

server {
        listen 80;
        root /var/www/example_dev;

server {
        listen 80;
        root /var/www/example_test;

Then I could perform certbot -a webroot -i nginx --cert-name -d -d -d -d

And it worked like a charm and put back my original Nginx default config file.


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.