Certbot add www domain to existing domain certificate
Clash Royale CLAN TAG#URR8PPP
I have installed an SSL certificate from Let's Encrypt with Certbot on my Apache server with Debian 8 following this tutorial from Let's Encrypt's own documentation: https://certbot.eff.org/#debianjessie-apache
$ certbot --apache
You need to specify the domains where you want to install the certificates for, but I only added the example.com domain. Now I want to add the www.example.com, but cannot find how to do this.
debian apache-httpd letsencrypt
edited Aug 4 '16 at 13:09
Jeff Schaller
42.9k1159137
asked Aug 4 '16 at 12:03
RobbertRobbert
13315
add a comment |
I have installed an SSL certificate from Let's Encrypt with Certbot on my Apache server with Debian 8 following this tutorial from Let's Encrypt's own documentation: https://certbot.eff.org/#debianjessie-apache
$ certbot --apache
You need to specify the domains where you want to install the certificates for, but I only added the example.com domain. Now I want to add the www.example.com, but cannot find how to do this.
debian apache-httpd letsencrypt
edited Aug 4 '16 at 13:09
Jeff Schaller
42.9k1159137
asked Aug 4 '16 at 12:03
RobbertRobbert
13315
what commands have you run? and what have you tried?
– Vlastimil
Aug 4 '16 at 12:11
@burian.vlastimil I have installed certbot on my server and configured the domain during the proces of the$ certbot --apachecommand. So my example.com domain works perfect, but I know only need to add the certificate to the www.example.com domain.
– Robbert
Aug 4 '16 at 12:19
I use the older version of lets encrypt but I believe you would need to delete the old cert and recreate it
– Vlastimil
Aug 4 '16 at 12:20
If I was in your position, supposing you have only one domain, I would purge certbot with all config and install it again and make sure there is nothing left before I install it again
– Vlastimil
Aug 4 '16 at 12:23
add a comment |
I have installed an SSL certificate from Let's Encrypt with Certbot on my Apache server with Debian 8 following this tutorial from Let's Encrypt's own documentation: https://certbot.eff.org/#debianjessie-apache
$ certbot --apache
You need to specify the domains where you want to install the certificates for, but I only added the example.com domain. Now I want to add the www.example.com, but cannot find how to do this.
debian apache-httpd letsencrypt
edited Aug 4 '16 at 13:09
Jeff Schaller
42.9k1159137
asked Aug 4 '16 at 12:03
RobbertRobbert
13315
I have installed an SSL certificate from Let's Encrypt with Certbot on my Apache server with Debian 8 following this tutorial from Let's Encrypt's own documentation: https://certbot.eff.org/#debianjessie-apache
$ certbot --apache
You need to specify the domains where you want to install the certificates for, but I only added the example.com domain. Now I want to add the www.example.com, but cannot find how to do this.
debian apache-httpd letsencrypt
debian apache-httpd letsencrypt
edited Aug 4 '16 at 13:09
Jeff Schaller
42.9k1159137
asked Aug 4 '16 at 12:03
RobbertRobbert
13315
edited Aug 4 '16 at 13:09
Jeff Schaller
42.9k1159137
asked Aug 4 '16 at 12:03
RobbertRobbert
13315
edited Aug 4 '16 at 13:09
Jeff Schaller
42.9k1159137
edited Aug 4 '16 at 13:09
Jeff Schaller
42.9k1159137
edited Aug 4 '16 at 13:09
Jeff Schaller
42.9k1159137
42.9k1159137
asked Aug 4 '16 at 12:03
RobbertRobbert
13315
asked Aug 4 '16 at 12:03
RobbertRobbert
13315
asked Aug 4 '16 at 12:03
RobbertRobbert
13315
13315
what commands have you run? and what have you tried?
– Vlastimil
Aug 4 '16 at 12:11
@burian.vlastimil I have installed certbot on my server and configured the domain during the proces of the$ certbot --apachecommand. So my example.com domain works perfect, but I know only need to add the certificate to the www.example.com domain.
– Robbert
Aug 4 '16 at 12:19
I use the older version of lets encrypt but I believe you would need to delete the old cert and recreate it
– Vlastimil
Aug 4 '16 at 12:20
If I was in your position, supposing you have only one domain, I would purge certbot with all config and install it again and make sure there is nothing left before I install it again
– Vlastimil
Aug 4 '16 at 12:23
add a comment |
what commands have you run? and what have you tried?
– Vlastimil
Aug 4 '16 at 12:11
@burian.vlastimil I have installed certbot on my server and configured the domain during the proces of the$ certbot --apachecommand. So my example.com domain works perfect, but I know only need to add the certificate to the www.example.com domain.
– Robbert
Aug 4 '16 at 12:19
I use the older version of lets encrypt but I believe you would need to delete the old cert and recreate it
– Vlastimil
Aug 4 '16 at 12:20
If I was in your position, supposing you have only one domain, I would purge certbot with all config and install it again and make sure there is nothing left before I install it again
– Vlastimil
Aug 4 '16 at 12:23
what commands have you run? and what have you tried?
– Vlastimil
Aug 4 '16 at 12:11
what commands have you run? and what have you tried?
– Vlastimil
Aug 4 '16 at 12:11
@burian.vlastimil I have installed certbot on my server and configured the domain during the proces of the
$ certbot --apache command. So my example.com domain works perfect, but I know only need to add the certificate to the www.example.com domain.– Robbert
Aug 4 '16 at 12:19
@burian.vlastimil I have installed certbot on my server and configured the domain during the proces of the
$ certbot --apache command. So my example.com domain works perfect, but I know only need to add the certificate to the www.example.com domain.– Robbert
Aug 4 '16 at 12:19
I use the older version of lets encrypt but I believe you would need to delete the old cert and recreate it
– Vlastimil
Aug 4 '16 at 12:20
I use the older version of lets encrypt but I believe you would need to delete the old cert and recreate it
– Vlastimil
Aug 4 '16 at 12:20
If I was in your position, supposing you have only one domain, I would purge certbot with all config and install it again and make sure there is nothing left before I install it again
– Vlastimil
Aug 4 '16 at 12:23
If I was in your position, supposing you have only one domain, I would purge certbot with all config and install it again and make sure there is nothing left before I install it again
– Vlastimil
Aug 4 '16 at 12:23
add a comment |
3 Answers
3
active
oldest
votes
UPDATE: You can now do this by passing the --expand flag (see docs):
--expandtells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.
See this answer for an example.
In short: you can't.
The domains you specify during the initial config become integral parts of the final certificate that is then signed by Let's Encrypt. You can't retroactively change it by adding additional domains or even subdomains as this would undermine its validity.
Solution: start from scratch! (not really a big deal with certbot)
edited Apr 13 '17 at 12:36
Community♦
1
answered Aug 4 '16 at 16:01
py4onpy4on
7751522
Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?
– Robbert
Aug 5 '16 at 13:38
add a comment |
Use this command: certbot modifier --expand, just like the following:
sudo certbot-auto certonly --webroot -w /srv/www/htmlroot/ --expand -d domain1.com -d domain2.com -d www.domain1.com
edited Oct 28 '16 at 10:51
Kevdog777
2,107123259
answered Oct 28 '16 at 10:23
Mudy SMudy S
311
add a comment |
The existing answers are correct, but not everyone may be clear (I wasn't) about what is going on, especially after reading the official certbot docs on the subject.
First you'll want to list your existing certificates, just to be clear on what you have already:
sudo certbot certificates
You'll notice each certificate has a "name". Let's say you have a certificate with a name of example.com, and it has a certificate for the domain example.com as well. You can use the certonly option to just update the certificate, and use the --cert-name option to specify exactly which certificate you are updating. Don't forget to include your existing domain as well as the new domain you are adding.
sudo certbot certonly --cert-name example.com -d example.com,www.example.com
If you trust certbot to figure out the correct certificate (analogous to the "I'm feeling lucky" button Google used to have for searches), it appears you can skip the --cert-name and use --expand instead. This way certbot will find which certificate you are referring to by picking the one that has a subset (a proper subset—the docs say a "strict subset") of the domains you indicate.
sudo certbot certonly --expand -d example.com,www.example.com
In all of these, whether you need --webroot depends on your particular configuration.
answered Feb 8 at 20:07
Garret WilsonGarret Wilson
1211
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f301266%2fcertbot-add-www-domain-to-existing-domain-certificate%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
UPDATE: You can now do this by passing the --expand flag (see docs):
--expandtells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.
See this answer for an example.
In short: you can't.
The domains you specify during the initial config become integral parts of the final certificate that is then signed by Let's Encrypt. You can't retroactively change it by adding additional domains or even subdomains as this would undermine its validity.
Solution: start from scratch! (not really a big deal with certbot)
edited Apr 13 '17 at 12:36
Community♦
1
answered Aug 4 '16 at 16:01
py4onpy4on
7751522
Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?
– Robbert
Aug 5 '16 at 13:38
add a comment |
UPDATE: You can now do this by passing the --expand flag (see docs):
--expandtells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.
See this answer for an example.
In short: you can't.
The domains you specify during the initial config become integral parts of the final certificate that is then signed by Let's Encrypt. You can't retroactively change it by adding additional domains or even subdomains as this would undermine its validity.
Solution: start from scratch! (not really a big deal with certbot)
edited Apr 13 '17 at 12:36
Community♦
1
answered Aug 4 '16 at 16:01
py4onpy4on
7751522
Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?
– Robbert
Aug 5 '16 at 13:38
add a comment |
UPDATE: You can now do this by passing the --expand flag (see docs):
--expandtells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.
See this answer for an example.
In short: you can't.
The domains you specify during the initial config become integral parts of the final certificate that is then signed by Let's Encrypt. You can't retroactively change it by adding additional domains or even subdomains as this would undermine its validity.
Solution: start from scratch! (not really a big deal with certbot)
edited Apr 13 '17 at 12:36
Community♦
1
answered Aug 4 '16 at 16:01
py4onpy4on
7751522
UPDATE: You can now do this by passing the --expand flag (see docs):
--expandtells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.
See this answer for an example.
In short: you can't.
The domains you specify during the initial config become integral parts of the final certificate that is then signed by Let's Encrypt. You can't retroactively change it by adding additional domains or even subdomains as this would undermine its validity.
Solution: start from scratch! (not really a big deal with certbot)
edited Apr 13 '17 at 12:36
Community♦
1
answered Aug 4 '16 at 16:01
py4onpy4on
7751522
edited Apr 13 '17 at 12:36
Community♦
1
edited Apr 13 '17 at 12:36
Community♦
1
edited Apr 13 '17 at 12:36
Community♦
1
1
answered Aug 4 '16 at 16:01
py4onpy4on
7751522
answered Aug 4 '16 at 16:01
py4onpy4on
7751522
answered Aug 4 '16 at 16:01
py4onpy4on
7751522
7751522
Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?
– Robbert
Aug 5 '16 at 13:38
add a comment |
Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?
– Robbert
Aug 5 '16 at 13:38
Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?
– Robbert
Aug 5 '16 at 13:38
Thanks for your answer. In the mean time I have installed a completely new server installation because I removed the files from certbot, but was not able to reinstall it. Do you know how to uninstall it easily?
– Robbert
Aug 5 '16 at 13:38
add a comment |
Use this command: certbot modifier --expand, just like the following:
sudo certbot-auto certonly --webroot -w /srv/www/htmlroot/ --expand -d domain1.com -d domain2.com -d www.domain1.com
edited Oct 28 '16 at 10:51
Kevdog777
2,107123259
answered Oct 28 '16 at 10:23
Mudy SMudy S
311
add a comment |
Use this command: certbot modifier --expand, just like the following:
sudo certbot-auto certonly --webroot -w /srv/www/htmlroot/ --expand -d domain1.com -d domain2.com -d www.domain1.com
edited Oct 28 '16 at 10:51
Kevdog777
2,107123259
answered Oct 28 '16 at 10:23
Mudy SMudy S
311
add a comment |
Use this command: certbot modifier --expand, just like the following:
sudo certbot-auto certonly --webroot -w /srv/www/htmlroot/ --expand -d domain1.com -d domain2.com -d www.domain1.com
edited Oct 28 '16 at 10:51
Kevdog777
2,107123259
answered Oct 28 '16 at 10:23
Mudy SMudy S
311
Use this command: certbot modifier --expand, just like the following:
sudo certbot-auto certonly --webroot -w /srv/www/htmlroot/ --expand -d domain1.com -d domain2.com -d www.domain1.com
edited Oct 28 '16 at 10:51
Kevdog777
2,107123259
answered Oct 28 '16 at 10:23
Mudy SMudy S
311
edited Oct 28 '16 at 10:51
Kevdog777
2,107123259
edited Oct 28 '16 at 10:51
Kevdog777
2,107123259
edited Oct 28 '16 at 10:51
Kevdog777
2,107123259
2,107123259
answered Oct 28 '16 at 10:23
Mudy SMudy S
311
answered Oct 28 '16 at 10:23
Mudy SMudy S
311
answered Oct 28 '16 at 10:23
Mudy SMudy S
311
311
add a comment |
add a comment |
The existing answers are correct, but not everyone may be clear (I wasn't) about what is going on, especially after reading the official certbot docs on the subject.
First you'll want to list your existing certificates, just to be clear on what you have already:
sudo certbot certificates
You'll notice each certificate has a "name". Let's say you have a certificate with a name of example.com, and it has a certificate for the domain example.com as well. You can use the certonly option to just update the certificate, and use the --cert-name option to specify exactly which certificate you are updating. Don't forget to include your existing domain as well as the new domain you are adding.
sudo certbot certonly --cert-name example.com -d example.com,www.example.com
If you trust certbot to figure out the correct certificate (analogous to the "I'm feeling lucky" button Google used to have for searches), it appears you can skip the --cert-name and use --expand instead. This way certbot will find which certificate you are referring to by picking the one that has a subset (a proper subset—the docs say a "strict subset") of the domains you indicate.
sudo certbot certonly --expand -d example.com,www.example.com
In all of these, whether you need --webroot depends on your particular configuration.
answered Feb 8 at 20:07
Garret WilsonGarret Wilson
1211
add a comment |
The existing answers are correct, but not everyone may be clear (I wasn't) about what is going on, especially after reading the official certbot docs on the subject.
First you'll want to list your existing certificates, just to be clear on what you have already:
sudo certbot certificates
You'll notice each certificate has a "name". Let's say you have a certificate with a name of example.com, and it has a certificate for the domain example.com as well. You can use the certonly option to just update the certificate, and use the --cert-name option to specify exactly which certificate you are updating. Don't forget to include your existing domain as well as the new domain you are adding.
sudo certbot certonly --cert-name example.com -d example.com,www.example.com
If you trust certbot to figure out the correct certificate (analogous to the "I'm feeling lucky" button Google used to have for searches), it appears you can skip the --cert-name and use --expand instead. This way certbot will find which certificate you are referring to by picking the one that has a subset (a proper subset—the docs say a "strict subset") of the domains you indicate.
sudo certbot certonly --expand -d example.com,www.example.com
In all of these, whether you need --webroot depends on your particular configuration.
answered Feb 8 at 20:07
Garret WilsonGarret Wilson
1211
add a comment |
The existing answers are correct, but not everyone may be clear (I wasn't) about what is going on, especially after reading the official certbot docs on the subject.
First you'll want to list your existing certificates, just to be clear on what you have already:
sudo certbot certificates
You'll notice each certificate has a "name". Let's say you have a certificate with a name of example.com, and it has a certificate for the domain example.com as well. You can use the certonly option to just update the certificate, and use the --cert-name option to specify exactly which certificate you are updating. Don't forget to include your existing domain as well as the new domain you are adding.
sudo certbot certonly --cert-name example.com -d example.com,www.example.com
If you trust certbot to figure out the correct certificate (analogous to the "I'm feeling lucky" button Google used to have for searches), it appears you can skip the --cert-name and use --expand instead. This way certbot will find which certificate you are referring to by picking the one that has a subset (a proper subset—the docs say a "strict subset") of the domains you indicate.
sudo certbot certonly --expand -d example.com,www.example.com
In all of these, whether you need --webroot depends on your particular configuration.
answered Feb 8 at 20:07
Garret WilsonGarret Wilson
1211
The existing answers are correct, but not everyone may be clear (I wasn't) about what is going on, especially after reading the official certbot docs on the subject.
First you'll want to list your existing certificates, just to be clear on what you have already:
sudo certbot certificates
You'll notice each certificate has a "name". Let's say you have a certificate with a name of example.com, and it has a certificate for the domain example.com as well. You can use the certonly option to just update the certificate, and use the --cert-name option to specify exactly which certificate you are updating. Don't forget to include your existing domain as well as the new domain you are adding.
sudo certbot certonly --cert-name example.com -d example.com,www.example.com
If you trust certbot to figure out the correct certificate (analogous to the "I'm feeling lucky" button Google used to have for searches), it appears you can skip the --cert-name and use --expand instead. This way certbot will find which certificate you are referring to by picking the one that has a subset (a proper subset—the docs say a "strict subset") of the domains you indicate.
sudo certbot certonly --expand -d example.com,www.example.com
In all of these, whether you need --webroot depends on your particular configuration.
answered Feb 8 at 20:07
Garret WilsonGarret Wilson
1211
answered Feb 8 at 20:07
Garret WilsonGarret Wilson
1211
answered Feb 8 at 20:07
Garret WilsonGarret Wilson
1211
answered Feb 8 at 20:07
Garret WilsonGarret Wilson
1211
1211
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f301266%2fcertbot-add-www-domain-to-existing-domain-certificate%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
what commands have you run? and what have you tried?
– Vlastimil
Aug 4 '16 at 12:11
@burian.vlastimil I have installed certbot on my server and configured the domain during the proces of the
$ certbot --apachecommand. So my example.com domain works perfect, but I know only need to add the certificate to the www.example.com domain.– Robbert
Aug 4 '16 at 12:19
I use the older version of lets encrypt but I believe you would need to delete the old cert and recreate it
– Vlastimil
Aug 4 '16 at 12:20
If I was in your position, supposing you have only one domain, I would purge certbot with all config and install it again and make sure there is nothing left before I install it again
– Vlastimil
Aug 4 '16 at 12:23