[Resolved] - Adding domain to existing cert failed, have two conf files



I have just issued the following command to add two new domain names to an existing certificate, but although I get a ‘success’ message and all the domains are listed in the process, the new domains added do not seem to be covered by the certificate (the old ones continue to work).

    certbot --webroot -w /var/www/html certonly -d existing.domain1.com -d existing.domain2.com -d new.domain.com -d new.domain2.com

I think it is due to the fact that I have two .conf files held in /etc/letsencrypt/renew and it is using the wrong one (or something like that).

The error I get when I visit new.domain.com is this:

This server could not prove that it is **new.domain.com** ; its security certificate is from **existing.domain.com**

I’m running Apache on Debian.

Is there a correct way to specify a specific conf. file during the process, or should I try and delete everything and try again? If so, what would the process be?

Thank you.


Hi @omega1

If you use certonly, you have to install the certificate manually.

Did you reload / restart your server?


Hi, thanks for the quick reply!

Yes, I did service apache2 restart

Should I do it without the certonly?


If you want to extend your existing configuration, you have to do that manually. So if you have a certificate, then use it; don’t create a new one, or you will hit the limit.

Share your domain names and your configuration file.

There are two working rows


    <VirtualHost *:443>
        ServerName www.example.com
        SSLEngine on
        SSLCertificateFile "/path/to/www.example.com.cert"
        SSLCertificateKeyFile "/path/to/www.example.com.key"
    </VirtualHost>

So you need vHosts with the other domains and there

    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"

to your existing certificate.

But perhaps it’s easier if you create a new certificate only with the new domain name instead of creating one big certificate.


Hi Juergen,

Thanks again for your quick reply, much appreciated. Thanks to your comment I was able to resolve it.

There are already two certs on this server so I changed the

    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"

to the other one (which must have been the one that was used to add the new domains), reloaded the config, and it worked as expected.

Thank you.
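
The mismatch resolved in this thread (a vhost whose `SSLCertificateFile` points at a lineage that lacks the new names) can be checked mechanically. The following is an added example, not code from any poster or from certbot: it compares the `Domains` and `Certificate Path` fields printed by `certbot certificates` against each vhost's `ServerName`/`ServerAlias`. The `-0001` lineage name, the paths and both sample inputs are constructed assumptions.

```python
import re

# Constructed sample inputs (not from the thread): `certbot certificates` output
# with two lineages, and an Apache config whose new vhost references the old one.
CERTBOT_OUTPUT = """\
  Certificate Name: existing.domain1.com
    Domains: existing.domain1.com existing.domain2.com
    Certificate Path: /etc/letsencrypt/live/existing.domain1.com/fullchain.pem
  Certificate Name: existing.domain1.com-0001
    Domains: existing.domain1.com existing.domain2.com new.domain.com new.domain2.com
    Certificate Path: /etc/letsencrypt/live/existing.domain1.com-0001/fullchain.pem
"""
APACHE_CONF = """\
<VirtualHost *:443>
    ServerName existing.domain1.com
    SSLCertificateFile "/etc/letsencrypt/live/existing.domain1.com/fullchain.pem"
</VirtualHost>
<VirtualHost *:443>
    ServerName new.domain.com
    ServerAlias new.domain2.com
    SSLCertificateFile "/etc/letsencrypt/live/existing.domain1.com/fullchain.pem"
</VirtualHost>
"""

def lineages(text):
    """Map each lineage's Certificate Path to the set of domains it covers."""
    covered, domains = {}, set()
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Domains":
            domains = set(value.split())
        elif key == "Certificate Path":
            covered[value] = domains
    return covered

def covers(name, sans):
    """True on an exact SAN match or a wildcard SAN for the left-most label."""
    return name in sans or "*." + name.partition(".")[2] in sans

def mismatches(conf, covered):
    """Yield (hostname, cert_path) for each vhost name its certificate lacks."""
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        names = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", block, re.M | re.I)
        if cert := re.search(r'^\s*SSLCertificateFile\s+"?([^"\s]+)', block, re.M | re.I):
            sans = covered.get(cert.group(1), set())
            yield from ((h, cert.group(1)) for n in names for h in n.split() if not covers(h, sans))

for host, path in mismatches(APACHE_CONF, lineages(CERTBOT_OUTPUT)):
    print(f"{host}: not covered by {path}")
```

The comparison is by file path, so a vhost that references a certificate file other than a lineage's listed `Certificate Path` is reported as covering nothing.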