[Resolved] - Adding domain to existing cert failed, have two conf files



I have just issued the following command to add two new domain names to an existing certificate, but although I get a ‘success’ message and all the domains are listed in the process, the new domains added do not seem to be covered by the certificate (the old ones continue to work).

    certbot --webroot -w /var/www/html certonly -d existing.domain1.com -d existing.domain2.com -d new.domain.com -d new.domain2.com

I think it is due to the fact that I have two .conf files held in /etc/letsencrypt/renew and it is using the wrong one (or something like that).

The error I get when I visit new.domain.com is this:

This server could not prove that it is **new.domain.com** ; its security certificate is from **existing.domain.com**

I’m running apache on Debian.

Is there a correct way to specify a specific conf. file during the process, or should I try and delete everything and try again? If so, what would the process be?

Thank you.


Hi @omega1

If you use certonly, you have to install the certificate manually.

Did you reload / restart your server?


Hi, thanks for the quick reply!

Yes, I did service apache2 restart

Should I do it without the certonly?


If you want to extend your existing configuration, you have to do that manually. So if you have a certificate, then use it. Don’t create a new one; you will hit the limit.

Share your domain names and your configuration file.

There are two working rows


    <VirtualHost *:443>
        ServerName www.example.com
        SSLEngine on
        SSLCertificateFile "/path/to/www.example.com.cert"
        SSLCertificateKeyFile "/path/to/www.example.com.key"
    </VirtualHost>

So you need vHosts with the other domains and there

    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"

to your existing certificate.

But perhaps it’s easier if you create a new certificate only with the new domain name instead of creating one big certificate.


Hi Juergen,

Thanks again for your quick reply, much appreciated. Thanks to your comment I was able to resolve it.

There are already two certs on this server so I changed the

    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"

to the other one (which must have been the one that was used to add the new domains), reloaded the config, and it worked as expected.

Thank you.
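The mismatch resolved above (a vhost whose SSLCertificateFile points at a certificate lineage that does not list its ServerName) can be checked mechanically; the following is an added example, not part of the thread and not Certbot or Apache code. It cross-references text in the layout printed by `certbot certificates` with Apache vhost blocks. The sample output, the `-0001` lineage name, the paths and all function names are constructed for illustration.

```python
import re

# Constructed samples: `certbot certificates` output (two lineages) and Apache vhosts.
CERTBOT_OUTPUT = """\
  Certificate Name: existing.domain1.com
    Domains: existing.domain1.com existing.domain2.com
    Certificate Path: /etc/letsencrypt/live/existing.domain1.com/fullchain.pem
  Certificate Name: existing.domain1.com-0001
    Domains: existing.domain1.com existing.domain2.com new.domain.com new.domain2.com
    Certificate Path: /etc/letsencrypt/live/existing.domain1.com-0001/fullchain.pem
"""
APACHE_CONF = """\
<VirtualHost *:443>
    ServerName existing.domain1.com
    SSLCertificateFile "/etc/letsencrypt/live/existing.domain1.com/fullchain.pem"
</VirtualHost>
<VirtualHost *:443>
    ServerName new.domain.com
    SSLCertificateFile "/etc/letsencrypt/live/existing.domain1.com/fullchain.pem"
</VirtualHost>
"""

def parse_lineages(text):
    """Map each 'Certificate Path' to the names on the preceding 'Domains' line."""
    lineages, domains = {}, set()
    for key, _, value in (l.strip().partition(": ") for l in text.splitlines()):
        if key == "Domains":
            domains = set(value.lower().split())
        elif key == "Certificate Path":
            lineages[value] = domains
    return lineages

def parse_vhosts(conf):
    """Yield (ServerName, SSLCertificateFile) for each <VirtualHost> block."""
    for block in re.findall(r"<VirtualHost\b.*?</VirtualHost>", conf, re.S | re.I):
        name = re.search(r"^\s*ServerName\s+(\S+)", block, re.M | re.I)
        cert = re.search(r'^\s*SSLCertificateFile\s+"?([^"\s]+)', block, re.M | re.I)
        if name and cert:
            yield name.group(1).lower(), cert.group(1)

def covers(names, host):  # exact name, or a wildcard for the leftmost label
    return host in names or "*." + host.partition(".")[2] in names

def audit(conf, certbot_text):
    """Return (host, configured cert, lineages that do cover host) per mismatch."""
    lineages = parse_lineages(certbot_text)
    return [(host, cert, sorted(p for p, n in lineages.items() if covers(n, host)))
            for host, cert in parse_vhosts(conf)
            if not covers(lineages.get(cert, set()), host)]
```

Calling `audit(APACHE_CONF, CERTBOT_OUTPUT)` flags only the new.domain.com vhost and names the `-0001` lineage as the one whose path belongs in its SSLCertificateFile line.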

