[Resolved] - Adding domain to existing cert failed, have two conf files

omega1 · October 28, 2018, 3:26pm

Hello,

I have just issued the following command to add two new domain names to an existing certificate, but although I get a ‘success’ message and all the domains are listed in the process, the new domains added do not seem to be covered by the certificate (the old ones continue to work).

certbot --webroot -w /var/www/html certonly -d existing.domain1.com -d existing.domain2.com -d new.domain.com -d new.domain2.com

I think it is due to the fact that I have two .conf files held in /etc/letsencrypt/renew and it is using the wrong one (or something like that).

The error I get when I visit new.domain.com is this:

This server could not prove that it is **new.domain.com** ; its security certificate is from **existing.domain.com**

I’m running apache on Debian.

Is there a correct way to specify a specific conf. file during the process, or should I try and delete everything and try again? If so, what would the process be?

Thank you.

JuergenAuer · October 28, 2018, 3:29pm

Hi @omega1

if you use certonly, you have to install the certificate manual.

Did you reload / restart your server?

omega1 · October 28, 2018, 3:32pm

Hi, thanks for the quick reply!

Yes, I did service apache2 restart

Should I do it without the certonly?

JuergenAuer · October 28, 2018, 3:38pm

If you want to extend your existing configuration, you have to do that manual. So if you have a certificate, then use it, don't create a new, you will hit the limit.

Share your domain names and your configuration file.

There are two working rows

https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"
</VirtualHost>

So you need vHosts with the other domains and there

    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"

to your existing certificate.

But perhaps it's easier if you create a new certificate only with the new domain name instead of creating one big certificate.

omega1 · October 28, 2018, 3:44pm

Hi Juergen,

Thanks again for your quick reply, much appreciated. Thanks to your comment I was able to resolve.

There are already two certs on this server so I changed the

SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"

to the other one (which must have been the one that was used to add the new domains) reloaded config and it worked as expected.

Thank you.

system · November 27, 2018, 3:44pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.