Unable to expand existing certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: musingsofamaverick.org

I ran this command: certbot --expand -d musingsofamaverick.org,musingsofamaverick.blog

It produced this output: Certbot doesn’t know how to automatically configure the web server on this system.

My web server is (include version): nginx 1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot version 0.31.0

1 Like

Hi @wrknight

Checking your domain via "musingsofamaverick.org - Make your website better - DNS, redirects, mixed content, certificates", you already use a new certificate with both domain names:

CN=musingsofamaverick.org | 22.04.2020 | 21.07.2020 | expires in 73 days | musingsofamaverick.org, www.musingsofamaverick.org - 2 entries

Both connections (non-www and www) are secure.

Looks like that error message isn't relevant.

1 Like

Unfortunately, that is not the problem. The problem was the failure to expand the coverage of the certificate to include the new domains musingsofamaverick.blog and www.musingsofamaverick.blog. Following the instructions in using the command certbot --expand, I received the error message above and my certificate does not cover the new domain names.

The subdomains www were actually included for both domains in the original instruction so that there should now be four domain names covered by the certificate.

1 Like

Do all 4 domain names have the same content?

If yes, do you have one vHost with all 4 domain names?

If not, Certbot doesn't understand how to create a port 443 vHost.

There

https://certbot.eff.org/docs/using.html

--expand tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains. With the --expand option, use the -d option to specify all existing domains and one or more new domains.

So you have to add all domains with -d.

1 Like

All 4 domain names are for the same website. Essentially they are aliases that should point to the same content. They are:
musingsofamaverick.org, www.musingsofamaverick.org, musingsofamaverick.blog, www.musingsofamaverick.blog

To the best of my knowledge, I do not have a virtual host.

The instructions you cite are the instructions I followed. I am not sure what you mean by the last sentence as I only entered -d once at the beginning of the domain name list. I did not enter -d before each domain name.

1 Like

That has to be entered before each domain name.

1 Like

That didn’t work either. Same error message.

1 Like

That's the reason Certbot doesn't know how to create a port 443 vHost.

The port 80 template is missing. Create one.

1 Like

Help me out here. I have no idea what a port 80 template is or how to create one.

Also, I don’t understand why that would affect the new domain names and not the existing domain names.

1 Like

Attempting to use the command certbot --nginx I get the message "the requested nginx plugin does not appear to be installed."

So my next question is, how do I install it at this point?

1 Like

New info.

Looking at my installed certbot packages with Synaptic I find that only certbot and python3-certbot are installed. Python-certbot-nginx does not appear to be installed.

Any recommendations?

1 Like

You will have to get your first problem fixed first. Then you can add the domains as above.

It would appear I have a number of problems. Which one do I fix first, and how do I go about it?

Problem solved.

To solve the problem on my LEMP server all I had to do was to install the nginx plugin and re-run the --expand command. Since certbot was already installed all I had to do was run

sudo apt install python-certbot-nginx python-certbot-nginx-doc

After that was completed, I ran

sudo certbot --expand -d olddomain,newdomain

and my certificate was expanded to include the new domain. (It was not necessary to put the -d in front of every domain name. I just separated each domain name with a comma and no space.)

Afterwards, I ran

sudo service nginx restart

to restart nginx with the revised info.

1 Like
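A check for the outcome described in the post above, added here as an example and not written by anyone in the thread: it lists the names a certificate covers, reports which wanted names are missing, and builds the full `-d` list (old names plus new ones) that the quoted `--expand` documentation asks for. The function names and the sample text are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Checks which names a certificate covers
# and builds the full -d list that --expand needs (old names plus new ones).

# Constructed sample: the SAN section of `openssl x509 -noout -text` output,
# using the two names the checker in the thread reported for the certificate.
SAMPLE_TEXT='            X509v3 Subject Alternative Name:
                DNS:musingsofamaverick.org, DNS:www.musingsofamaverick.org'

# Read `openssl x509 -text` output on stdin; print its DNS names, one per line.
san_names() {
    grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://' |
        tr '[:upper:]' '[:lower:]' | sort -u
}

# For a certificate on disk (certbot keeps the current one at
# /etc/letsencrypt/live/<cert-name>/cert.pem):
cert_sans() {
    openssl x509 -in "$1" -noout -text | san_names
}

# missing_names HAVE NAME...: print each NAME absent from the list HAVE.
# Exact match only; wildcard entries are not expanded.
missing_names() {
    _have=$1; shift
    for _n in "$@"; do
        _n=$(printf '%s' "$_n" | tr '[:upper:]' '[:lower:]')
        printf '%s\n' "$_have" | grep -qxF -- "$_n" || printf '%s\n' "$_n"
    done
}

# expand_domains HAVE NAME...: comma-separated list of every covered name
# followed by the missing ones, ready to pass as a single -d argument.
expand_domains() {
    _cur=$1; shift
    { printf '%s\n' "$_cur"; missing_names "$_cur" "$@"; } |
        sed '/^$/d' | paste -sd, -
}

current=$(printf '%s\n' "$SAMPLE_TEXT" | san_names)
echo "not covered yet:"
missing_names "$current" musingsofamaverick.org www.musingsofamaverick.org \
    musingsofamaverick.blog www.musingsofamaverick.blog
echo "certbot --expand -d $(expand_domains "$current" \
    musingsofamaverick.org www.musingsofamaverick.org \
    musingsofamaverick.blog www.musingsofamaverick.blog)"
```

Running `cert_sans` against the renewed certificate after the expand and feeding the result to `missing_names` should print nothing once all four names are covered.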

Thanks. I'll remember that. Glad to see you got up and running!
