Certbot add www domain to existing domain certificate

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












4















I have installed an SSL certificate from Let's Encrypt with Certbot on my Apache server with Debian 8 following this tutorial from Let's Encrypt's own documentation: https://certbot.eff.org/#debianjessie-apache



$ certbot --apache


You need to specify the domains where you want to install the certificates for, but I only added the example.com domain. Now I want to add the www.example.com, but cannot find how to do this.










share|improve this question
























  • what commands have you run? and what have you tried?

    – Vlastimil
    Aug 4 '16 at 12:11












  • @burian.vlastimil I have installed certbot on my server and configured the domain during the proces of the $ certbot --apache command. So my example.com domain works perfect, but I know only need to add the certificate to the www.example.com domain.

    – Robbert
    Aug 4 '16 at 12:19











  • I use the older version of lets encrypt but I believe you would need to delete the old cert and recreate it

    – Vlastimil
    Aug 4 '16 at 12:20











  • If I was in your position, supposing you have only one domain, I would purge certbot with all config and install it again and make sure there is nothing left before I install it again

    – Vlastimil
    Aug 4 '16 at 12:23















4















I have installed an SSL certificate from Let's Encrypt with Certbot on my Apache server with Debian 8 following this tutorial from Let's Encrypt's own documentation: https://certbot.eff.org/#debianjessie-apache



$ certbot --apache


You need to specify the domains where you want to install the certificates for, but I only added the example.com domain. Now I want to add the www.example.com, but cannot find how to do this.










share|improve this question
























  • what commands have you run? and what have you tried?

    – Vlastimil
    Aug 4 '16 at 12:11












  • @burian.vlastimil I have installed certbot on my server and configured the domain during the proces of the $ certbot --apache command. So my example.com domain works perfect, but I know only need to add the certificate to the www.example.com domain.

    – Robbert
    Aug 4 '16 at 12:19











  • I use the older version of lets encrypt but I believe you would need to delete the old cert and recreate it

    – Vlastimil
    Aug 4 '16 at 12:20











  • If I was in your position, supposing you have only one domain, I would purge certbot with all config and install it again and make sure there is nothing left before I install it again

    – Vlastimil
    Aug 4 '16 at 12:23













4












4








4


1






I have installed an SSL certificate from Let's Encrypt with Certbot on my Apache server with Debian 8 following this tutorial from Let's Encrypt's own documentation: https://certbot.eff.org/#debianjessie-apache



$ certbot --apache


You need to specify the domains where you want to install the certificates for, but I only added the example.com domain. Now I want to add the www.example.com, but cannot find how to do this.










share|improve this question
















I have installed an SSL certificate from Let's Encrypt with Certbot on my Apache server with Debian 8 following this tutorial from Let's Encrypt's own documentation: https://certbot.eff.org/#debianjessie-apache



$ certbot --apache


You need to specify the domains where you want to install the certificates for, but I only added the example.com domain. Now I want to add the www.example.com, but cannot find how to do this.







debian apache-httpd letsencrypt






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Aug 4 '16 at 13:09









Jeff Schaller

42.9k1159137




42.9k1159137










asked Aug 4 '16 at 12:03









RobbertRobbert

13315




13315












  • what commands have you run? and what have you tried?

    – Vlastimil
    Aug 4 '16 at 12:11












  • @burian.vlastimil I have installed certbot on my server and configured the domain during the proces of the $ certbot --apache command. So my example.com domain works perfect, but I know only need to add the certificate to the www.example.com domain.

    – Robbert
    Aug 4 '16 at 12:19











  • I use the older version of lets encrypt but I believe you would need to delete the old cert and recreate it

    – Vlastimil
    Aug 4 '16 at 12:20











  • If I was in your position, supposing you have only one domain, I would purge certbot with all config and install it again and make sure there is nothing left before I install it again

    – Vlastimil
    Aug 4 '16 at 12:23

















  • what commands have you run? and what have you tried?

    – Vlastimil
    Aug 4 '16 at 12:11












  • @burian.vlastimil I have installed certbot on my server and configured the domain during the proces of the $ certbot --apache command. So my example.com domain works perfect, but I know only need to add the certificate to the www.example.com domain.

    – Robbert
    Aug 4 '16 at 12:19











  • I use the older version of lets encrypt but I believe you would need to delete the old cert and recreate it

    – Vlastimil
    Aug 4 '16 at 12:20











  • If I was in your position, supposing you have only one domain, I would purge certbot with all config and install it again and make sure there is nothing left before I install it again

    – Vlastimil
    Aug 4 '16 at 12:23
















what commands have you run? and what have you tried?

– Vlastimil
Aug 4 '16 at 12:11






what commands have you run? and what have you tried?

– Vlastimil
Aug 4 '16 at 12:11














@burian.vlastimil I have installed certbot on my server and configured the domain during the proces of the $ certbot --apache command. So my example.com domain works perfect, but I know only need to add the certificate to the www.example.com domain.

– Robbert
Aug 4 '16 at 12:19





@burian.vlastimil I have installed certbot on my server and configured the domain during the proces of the $ certbot --apache command. So my example.com domain works perfect, but I know only need to add the certificate to the www.example.com domain.

– Robbert
Aug 4 '16 at 12:19













I use the older version of lets encrypt but I believe you would need to delete the old cert and recreate it

– Vlastimil
Aug 4 '16 at 12:20





I use the older version of lets encrypt but I believe you would need to delete the old cert and recreate it

– Vlastimil
Aug 4 '16 at 12:20













If I was in your position, supposing you have only one domain, I would purge certbot with all config and install it again and make sure there is nothing left before I install it again

– Vlastimil
Aug 4 '16 at 12:23





If I was in your position, supposing you have only one domain, I would purge certbot with all config and install it again and make sure there is nothing left before I install it again

– Vlastimil
Aug 4 '16 at 12:23










3 Answers
3






active

oldest

votes


















3














UPDATE: You can now do this by passing the --expand flag (see docs):




--expand tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.




See this answer for an example.




In short: you can't.



The domains you specify during the initial config become integral parts of the final certificate that is then signed by Let's Encrypt. You can't retroactively change it by adding additional domains or even subdomains as this would undermine its validity.



Solution: start from scratch! (not really a big deal with certbot)






share|improve this answer

























  • Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?

    – Robbert
    Aug 5 '16 at 13:38


















3














Use this command: certbot modifier --expand, just like the following:



sudo certbot-auto certonly --webroot -w /srv/www/htmlroot/ --expand -d domain1.com -d domain2.com -d www.domain1.com





share|improve this answer
































    2














    The existing answers are correct, but not everyone may be clear (I wasn't) about what is going on, especially after reading the official certbot docs on the subject.



    First you'll want to list your existing certificates, just to be clear on what you have already:



    sudo certbot certificates


    You'll notice each certificate has a "name". Let's say you have a certificate with a name of example.com, and it has a certificate for the domain example.com as well. You can use the certonly option to just update the certificate, and use the --cert-name option to specify exactly which certificate you are updating. Don't forget to include your existing domain as well as the new domain you are adding.



    sudo certbot certonly --cert-name example.com -d example.com,www.example.com


    If you trust certbot to figure out the correct certificate (analogous to the "I'm feeling lucky" button Google used to have for searches), it appears you can skip the --cert-name and use --expand instead. This way certbot will find which certificate you are referring to by picking the one that has a subset (a proper subset—the docs say a "strict subset") of the domains you indicate.



    sudo certbot certonly --expand -d example.com,www.example.com


    In all of these, whether you need --webroot depends on your particular configuration.






    share|improve this answer






















      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f301266%2fcertbot-add-www-domain-to-existing-domain-certificate%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      3 Answers
      3






      active

      oldest

      votes








      3 Answers
      3






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      3














      UPDATE: You can now do this by passing the --expand flag (see docs):




      --expand tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.




      See this answer for an example.




      In short: you can't.



      The domains you specify during the initial config become integral parts of the final certificate that is then signed by Let's Encrypt. You can't retroactively change it by adding additional domains or even subdomains as this would undermine its validity.



      Solution: start from scratch! (not really a big deal with certbot)






      share|improve this answer

























      • Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?

        – Robbert
        Aug 5 '16 at 13:38















      3














      UPDATE: You can now do this by passing the --expand flag (see docs):




      --expand tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.




      See this answer for an example.




      In short: you can't.



      The domains you specify during the initial config become integral parts of the final certificate that is then signed by Let's Encrypt. You can't retroactively change it by adding additional domains or even subdomains as this would undermine its validity.



      Solution: start from scratch! (not really a big deal with certbot)






      share|improve this answer

























      • Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?

        – Robbert
        Aug 5 '16 at 13:38













      3












      3








      3







      UPDATE: You can now do this by passing the --expand flag (see docs):




      --expand tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.




      See this answer for an example.




      In short: you can't.



      The domains you specify during the initial config become integral parts of the final certificate that is then signed by Let's Encrypt. You can't retroactively change it by adding additional domains or even subdomains as this would undermine its validity.



      Solution: start from scratch! (not really a big deal with certbot)






      share|improve this answer















      UPDATE: You can now do this by passing the --expand flag (see docs):




      --expand tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.




      See this answer for an example.




      In short: you can't.



      The domains you specify during the initial config become integral parts of the final certificate that is then signed by Let's Encrypt. You can't retroactively change it by adding additional domains or even subdomains as this would undermine its validity.



      Solution: start from scratch! (not really a big deal with certbot)







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Apr 13 '17 at 12:36









      Community

      1




      1










      answered Aug 4 '16 at 16:01









      py4onpy4on

      7751522




      7751522












      • Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?

        – Robbert
        Aug 5 '16 at 13:38

















      • Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?

        – Robbert
        Aug 5 '16 at 13:38
















      Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?

      – Robbert
      Aug 5 '16 at 13:38





      Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?

      – Robbert
      Aug 5 '16 at 13:38













      3














      Use this command: certbot modifier --expand, just like the following:



      sudo certbot-auto certonly --webroot -w /srv/www/htmlroot/ --expand -d domain1.com -d domain2.com -d www.domain1.com





      share|improve this answer





























        3














        Use this command: certbot modifier --expand, just like the following:



        sudo certbot-auto certonly --webroot -w /srv/www/htmlroot/ --expand -d domain1.com -d domain2.com -d www.domain1.com





        share|improve this answer



























          3












          3








          3







          Use this command: certbot modifier --expand, just like the following:



          sudo certbot-auto certonly --webroot -w /srv/www/htmlroot/ --expand -d domain1.com -d domain2.com -d www.domain1.com





          share|improve this answer















          Use this command: certbot modifier --expand, just like the following:



          sudo certbot-auto certonly --webroot -w /srv/www/htmlroot/ --expand -d domain1.com -d domain2.com -d www.domain1.com






          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Oct 28 '16 at 10:51









          Kevdog777

          2,107123259




          2,107123259










          answered Oct 28 '16 at 10:23









          Mudy SMudy S

          311




          311





















              2














              The existing answers are correct, but not everyone may be clear (I wasn't) about what is going on, especially after reading the official certbot docs on the subject.



              First you'll want to list your existing certificates, just to be clear on what you have already:



              sudo certbot certificates


              You'll notice each certificate has a "name". Let's say you have a certificate with a name of example.com, and it has a certificate for the domain example.com as well. You can use the certonly option to just update the certificate, and use the --cert-name option to specify exactly which certificate you are updating. Don't forget to include your existing domain as well as the new domain you are adding.



              sudo certbot certonly --cert-name example.com -d example.com,www.example.com


              If you trust certbot to figure out the correct certificate (analogous to the "I'm feeling lucky" button Google used to have for searches), it appears you can skip the --cert-name and use --expand instead. This way certbot will find which certificate you are referring to by picking the one that has a subset (a proper subset—the docs say a "strict subset") of the domains you indicate.



              sudo certbot certonly --expand -d example.com,www.example.com


              In all of these, whether you need --webroot depends on your particular configuration.






              share|improve this answer



























                2














                The existing answers are correct, but not everyone may be clear (I wasn't) about what is going on, especially after reading the official certbot docs on the subject.



                First you'll want to list your existing certificates, just to be clear on what you have already:



                sudo certbot certificates


                You'll notice each certificate has a "name". Let's say you have a certificate with a name of example.com, and it has a certificate for the domain example.com as well. You can use the certonly option to just update the certificate, and use the --cert-name option to specify exactly which certificate you are updating. Don't forget to include your existing domain as well as the new domain you are adding.



                sudo certbot certonly --cert-name example.com -d example.com,www.example.com


                If you trust certbot to figure out the correct certificate (analogous to the "I'm feeling lucky" button Google used to have for searches), it appears you can skip the --cert-name and use --expand instead. This way certbot will find which certificate you are referring to by picking the one that has a subset (a proper subset—the docs say a "strict subset") of the domains you indicate.



                sudo certbot certonly --expand -d example.com,www.example.com


                In all of these, whether you need --webroot depends on your particular configuration.






                share|improve this answer

























                  2












                  2








                  2







                  The existing answers are correct, but not everyone may be clear (I wasn't) about what is going on, especially after reading the official certbot docs on the subject.



                  First you'll want to list your existing certificates, just to be clear on what you have already:



                  sudo certbot certificates


                  You'll notice each certificate has a "name". Let's say you have a certificate with a name of example.com, and it has a certificate for the domain example.com as well. You can use the certonly option to just update the certificate, and use the --cert-name option to specify exactly which certificate you are updating. Don't forget to include your existing domain as well as the new domain you are adding.



                  sudo certbot certonly --cert-name example.com -d example.com,www.example.com


                  If you trust certbot to figure out the correct certificate (analogous to the "I'm feeling lucky" button Google used to have for searches), it appears you can skip the --cert-name and use --expand instead. This way certbot will find which certificate you are referring to by picking the one that has a subset (a proper subset—the docs say a "strict subset") of the domains you indicate.



                  sudo certbot certonly --expand -d example.com,www.example.com


                  In all of these, whether you need --webroot depends on your particular configuration.






                  share|improve this answer













                  The existing answers are correct, but not everyone may be clear (I wasn't) about what is going on, especially after reading the official certbot docs on the subject.



                  First you'll want to list your existing certificates, just to be clear on what you have already:



                  sudo certbot certificates


                  You'll notice each certificate has a "name". Let's say you have a certificate with a name of example.com, and it has a certificate for the domain example.com as well. You can use the certonly option to just update the certificate, and use the --cert-name option to specify exactly which certificate you are updating. Don't forget to include your existing domain as well as the new domain you are adding.



                  sudo certbot certonly --cert-name example.com -d example.com,www.example.com


                  If you trust certbot to figure out the correct certificate (analogous to the "I'm feeling lucky" button Google used to have for searches), it appears you can skip the --cert-name and use --expand instead. This way certbot will find which certificate you are referring to by picking the one that has a subset (a proper subset—the docs say a "strict subset") of the domains you indicate.



                  sudo certbot certonly --expand -d example.com,www.example.com


                  In all of these, whether you need --webroot depends on your particular configuration.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Feb 8 at 20:07









                  Garret WilsonGarret Wilson

                  1211




                  1211



























                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Unix & Linux Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f301266%2fcertbot-add-www-domain-to-existing-domain-certificate%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown






                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?