What is Proper Efficient Way To Renew Multiple Domains


#1

I am successful in creating one certificate with domain.com along with several sub.domain.com included. I since have a new domain.org running on the same server.

What is the proper way of adding this new domain? In one certificate along with domain.com or creating a new certificate with domain.org?


#2

Whatever you need.

If you need the names to be on separate certificates, then issue them separately.

If you need them all on the same certificate (such as when all the domains are on the same Apache VirtualHost or nginx server), then you can expand/re-issue the existing certificate with new names. (Search for --expand on https://certbot.eff.org/docs/using.html).


#3

Thanks for the reply. The sites are running on the same nginx server. This question came to me when I was doing a ssl check on my existing domain.
https://www.ssllabs.com/ssltest/analyze.html?d=domain.com

This check list all the domains, subdomains on the certificate and it doesn’t look professional. Perhaps the only person using this link is me and I will only noticed this. I am wondering if there are any other checks similar that will list them the same way?


#4

Well, anybody who inspects the certificate (for example, using any browser) can see all of the names. This is because they are encoded as subjAltnames list on the certificate.

If not revealing all of the names is important to you, then either:

  • Split the domains up onto different certificates by issuing them one-by-one, or
  • Use a wildcard certificate

#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.