Where come the Alternative Names from?

I’m running a domain which has a commercially bought certificate.
To run some other domains under the same IP (VirtualHosts), I tried out letsencrypt.
I ran
certbot --version
certbot 0.31.0
certbot certonly --apache
and chose two numbers from the list I got, typed in the two numbers, separated by a comma, like: 8,47

As a result I only got one cert listed to be found in /etc/letsencrypt.
So I had to rerun the certbot script for every single domain once.

Maybe the script combined the certificate for the two domains into one?

As a result - and I don’t know where this mess comes from - I now have Alternative Names listed when I do an SSL check for

Now my question: how can I easily revoke the certs (from the command line possibly)?
Doesn’t it have any drwbacks, that I possibly cannot get a new letsencrypt cert quickly after the revoking?

Thanks a lot,


Hi @Krischu

yes, that’s how Certbot works.

That’s not a mess, that’s the regular SAN. Most certificates have more then one domain name.

Revoking is always wrong if the private key isn’t stolen. Please check the documentation about “Rate limits” and don’t delete active certificates.

1 Like

by the way, CA/B now requires any name in common name to be included in SAN, so you won’t have certificates without alternative name

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.