Sudo certbot --expand command expands the original certificate domain name list

The original certificate already contains the domain name a.com.
Now use the following command to expand the domain name range:
sudo certbot --expand -d a.com -d b.com -d c.com

Is this method only used to verify the newly added b.comc.com domain names,
or all historical domain names need to be re-verified?

that requires new leaf certificate (as certificates are immutable after signed) and whether if it need re-verification is entirely dictated by CA, while currently LE caches valid authorization up to 30 days now expect to you'll need to (re)do challenges for all domains in new certificate.

2 Likes

That's not up to the ACME client, but the ACME server.

2 Likes

Is there any way for me to know whether the ACME server of Let's Encrypt requires re-verification of both the historical domain name and the newly added domain name?
Is there any information that can help me understand this part of information?

Does this mean that if 30 days have passed since the original domain name was last issued with a Let's Encrypt certificate, all domain names, including historical domain names and newly added domain names, need to be revalidated?

yes it is currently but it'd reduce to 8 hours in future so you shouldn't depend on it.

2 Likes

please see

The authorization reuse period is per domain and accout

4 Likes