Letsencrypt add domain to existing certificate

Jeff Davenport · Jul 11, 2016 · Viewed 139.3k times

I am just simply trying to add the domain test.example.com to the certificate that already exists for example.com. How do I add a domain to my existing certificate and replace the old certificate?

I have tried these few commands

./letsencrypt-auto certonly --cert-path /etc/letsencrypt/archive/example.com --expand -d test.example.com

./letsencrypt-auto certonly -d example.com --expand -d test.example.com

Result: both created a brand new cert in a new folder test.example.com-0001

./letsencrypt-auto certonly --renew-by-default  --expand -d test.example.com

Result: error folder test.example.com already exists.

./letsencrypt-auto renew --expand -d orange.fidka.com

Result: error, I can only renew if my certificate is expired.

Answer

Simon Hampel · Jul 12, 2016

You need to specify all of the names, including those already registered.

I used the following command originally to register some certificates:

/opt/certbot/certbot-auto certonly --webroot --agree-tos -w /srv/www/letsencrypt/ \
--email [email protected] \
--expand -d example.com,www.example.com

... and just now I successfully used the following command to expand my registration to include a new subdomain as a SAN:

/opt/certbot/certbot-auto certonly --webroot --agree-tos -w /srv/www/letsencrypt/ \
--expand -d example.com,www.example.com,click.example.com

From the documentation:

--expand "If an existing cert covers some subset of the requested names, always expand and replace it with the additional names."

Don't forget to restart the server to load the new certificates if you are running nginx.
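Added example (not part of the answer above): because `--expand` needs every name, this sketch derives the full `-d` list from the names already on the certificate plus the new one, so no existing name is silently dropped. The function names and the sample SAN text are constructed for illustration; the certbot flags and webroot path are the ones used in the answer.

```shell
#!/bin/sh
# Build the complete -d list for `certonly --expand` from the names already
# on a certificate plus the names being added.

# Constructed sample of the text printed by
#   openssl x509 -in cert.pem -noout -ext subjectAltName   (OpenSSL 1.1.1+)
# for a certificate covering the two names from the answer.
SAMPLE_SAN_TEXT='X509v3 Subject Alternative Name: 
    DNS:example.com, DNS:www.example.com'

# san_names: read openssl SAN text on stdin, print one DNS name per line.
# Header lines and non-DNS entries (IP:, email:) are ignored.
san_names() {
    tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\)[[:space:]]*$/\1/p'
}

# expand_list: existing SAN text on stdin, new names as arguments.
# Prints a comma-separated list: existing names first, then new ones,
# lower-cased and de-duplicated (DNS names are case-insensitive).
expand_list() {
    { san_names; printf '%s\n' "$@"; } |
        awk 'NF && !seen[tolower($0)]++ {
                 out = out (out ? "," : "") tolower($0)
             }
             END { print out }'
}

# Stand-alone run: print the command for review instead of executing it.
names=$(printf '%s\n' "$SAMPLE_SAN_TEXT" | expand_list click.example.com)
echo "certbot-auto certonly --webroot -w /srv/www/letsencrypt/ --expand -d $names"
```

On a real host, pipe the `openssl x509` output for the current certificate into `expand_list` in place of the sample text, and run the same `openssl` command after issuance to confirm the new certificate lists every expected name.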