41

I have generated SSL certificate like so:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
./letsencrypt-auto certonly --standalone

Then I was asked for email ... and a domain name. I entered example.com

I figured out that I could enter multiple domains to be included in one certificate using different approach. E.g.:

sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

I wonder if I could have entered multiple domains when I was promoted for them in a dialog or now I need to regenerate using a different approach?

Do I need to remove previous letsencrypt installation before going new way?

UPDATE -> SOLVED

sudo ./certbot-auto certonly --standalone -d example.com -d www.example.com
Stephen Ostermiller
  • 23,933
  • 14
  • 88
  • 109
user2814599
  • 1,060
  • 1
  • 13
  • 27
  • 1
    You can add host names to existing certificates and renew the signing. Have a look here: https://community.letsencrypt.org/t/adding-a-new-domain-name-to-existing-cert/10992 – arkascha Dec 12 '16 at 09:31

1 Answers1

82

You do not need to remove the installed certificate.

You can extend it to your sub-domain if you're using the same domain. Do the following:

sudo certbot certonly --standalone -d example.com -d www.example.com

When prompted for Expanding or Cancelling, reply with E then hit Enter key on your keyboard.

The certificate should be setup successfully.

If you encounter this error: Problem binding to port 80: Could not bind to IPv4 or IPv6, stop Apache by running systemctl stop apache2 then run the above certbot command again.

Once the SSL certificate is successfuly setup, run systemctl restart apache2 to get Apache up and running again.

Stephen Ostermiller
  • 23,933
  • 14
  • 88
  • 109
mutiemule
  • 2,319
  • 2
  • 28
  • 34
  • I have setted cronjob to auto renew - does the auto renew will renew both of them? (and all other certificates as well?) – Raz Buchnik Jun 28 '19 at 06:32
  • 2
    Yes it will renew both of them @raz – mutiemule Aug 15 '19 at 07:14
  • I got `Failed authorization procedure` for www, `DNS problem: NXDOMAIN looking up A for www...` – Joseph K. Nov 03 '19 at 03:41
  • 1
    @JosephK. ensure your A records are correct from your DNS configurations. – mutiemule Nov 03 '19 at 19:08
  • I had to stop apache in order for certbot to be able to expand cert. Other than that this solution worked great ! – Adam W Jul 02 '23 at 18:49
  • @AdamW the process of stopping apache is covered in the above answer as well, maybe you missed it. – mutiemule Jul 03 '23 at 07:27
  • It should be noted that you should not use `certonly` here if you intend for certbot to manage the www domain as well as the bare domain in your webserver's config. If you're using nginx, for instance, you would put `--nginx` in place of `certonly`. – Kef Schecter Jul 29 '23 at 21:47