Please recommend best practices proceedure

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel, Inc. 70.0.48

My domain is hosted and I have a cert “” and two subdomains “” and “” from Let’s Encrypt thru their cPanel. I also want to have certs for subdomains I will be hosting at home behind my router.
1: Should I invalidate the original cert and reapply adding in the subdomains at a different IP?
2: Can the subdomain certs be updated every 90 days automatically on my home site and the hosted site certs also be automatically renewed? in other words can I legitimately run an agent on the hosted site and an agent on one of my subdomains?
I’ve looked around for 4 days doing a lot of reading and I’m new to getting and managing certificates myself. I’m also worried because I set up Cloudflare separately from my hosted site which allows that I just found out.
Cloudflare was set up while installing docker containers that came from My DNS has always been with DynDNS.

I’m hopelessly lost and want desperately to do the right thing. Please guide me in what I should do. Thank you soo much for your help.


You don't need to do this.
Let's encrypt doesn't validate any IP, it'll just validate your site (with http or DNS)

Yes. (However your "agent" can't hit the rate limit).
It seems that the cPanel certificate was automatically obtained through cPanel autossl, hense you don't need to do anything.

P.S. before you request certificate on your home device, make sure that your home ISP isn't filtering port 80 (since certbot http validation depend on port 80 and doesn't have an existing API to connect with certbot)

Thank you

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.