Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: binomialsoftware.com
I ran this command:
It produced this output:
Cert not yet due for renewal
No renewals were attempted
My web server is (include version):
The operating system my web server runs on is (include version):
Debian GNU/Linux 11 (bullseye) dockered on Ubuntu 21.10
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I really have no idea how I did that; it certainly wasn't on purpose. I probably spent 20-30 hours to create the first certificate trying different things. I guess you are saying I'm back to square one and have to create the certificate again?
Usually, that would be the most straightforward solution indeed, as certbot does not have an easy method of adding/removing hostnames from an existing certificate. However, that requires knowledge of the original command used to get the certificate in the first place. Sometimes people don't know that command any longer.
It might also be possible to use the renew command in combination with adding new hostnames, but I'm not entirely sure. E.g. something like:
If that works, you can change --dry-run for --force-renewal and run the following command just once (because --force-renewal should only be used a single time if it succeeds!). --force-renewal is unfortunately required as otherwise certbot would claim the certificate is not yet due for renewal. We know, certbot, we know! We just want to change it!
I tried the command above with --dry-run and the output was:
"Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future." So I didn't try without --dry-run.
The content of the config file is:
OK, you just need to wait an hour. Let's Encrypt will reject when you try too many times and fail. Ideally you use --dry-run or --test-cert but that can be awkward with --apache sometimes so best to wait.
As to CNAME, it is fine to have CNAME for the www.binomialsoftware.com pointing to the apex name. But, it also would have worked to make an A record for www.binomialsoftware.com - instead of a CNAME. Perhaps back in August you did have an A record for it but it got removed. Either way, CNAME or A, it should work in an hour.