Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I was able to create certificates for each subdomain (e.g. ios7.homefieldscorebook.com, beta.homefieldscorebook.com) and add-on domain (whitneyross.com) by running certsage.php in each one, but the newer ones overwrote the cronjob so it didn't run for others and the certificates expired.
Trying to put the subdomains in the same certificate as the apex domain left me with ACME challenge 404 errors in the subdomains.
The cron job writes within the platform/os aren't always reliable. Not intentional. Limitation of the underlying software. Sorry about that. Each copy of CertSage actually checks for renewal of the certificate in its CertSage data directory every time its certsage.php is loaded by any means. The cron jobs are simply there to ensure that certsage.php is loaded once per day. Once a cron job is created the first time a certificate is installed into cPanel using one of the buttons in CertSage (when autorenew.txt is created), CertSage does not manage that cron job after that point. Feel free to add/remove/manage the cron jobs however you see fit.
I used the linked tutorial but it is unclear to me whether subdomains and add-on domains all need the same account.key and account-staging.key as the ones in the apex domain.
Regarding cron jobs, do I need to add for each subdomain as well as each add-on?
It isn't required, but copying them is good general practice rather than creating many accounts.
The general rule is that each domain name or subdomain name that serves its own content will have its own certsage.php and its own CertSage data directory. They can (and generally should) all share the same production and staging account keys (via having their own copies). Only those domain names and subdomain names that are aliases of each other and thus serve the same content (like an apex domain name and www subdomain name) should be included in the same certificate (and thus share a certsage.php and CertSage data directory).
You need one for each copy of certsage.php to load that certsage.php on a regular basis so that it can check for renewal of its certificate in its CertSage data directory. The way to use one certsage.php for multiple domain/subdomain names is described in my last post above.
Almost there: I have two subdomains that point to the same content (i.e. same /public_html/ in cPanel, rather than aliasing at the DNS level.) The ACME challenge fails for the subdomain that doesn't have the same name as the subdirectory, but I think they should share a certificate?
