First find all the domains the existing certificate is for:
certbot certificates
It outputs something like this:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: karen-chan.com
Domains: blog.karen-chan.com checkip.karen-chan.com karen-chan.com www.karen-chan.com
Expiry Date: 2020-02-01 20:32:02+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/karen-chan.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/karen-chan.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You can get the domains as a comma-separated list by doing:
domains=$(certbot certificates | sed -n -e '/Domains:/ s/ /,/g; /Domains:/ s/^,*Domains:,// p')
Then you can add an extra domain, example.org, by doing:
certbot certonly -d "$domains,example.org"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
I already set up nginx to serve content on port 80 on that domain, so I can use webroot.
Plugins selected: Authenticator webroot, Installer None
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/karen-chan.conf)
It contains these names: blog.karen-chan.com,
checkip.karen-chan.com, karen-chan.com, www.karen-chan.com.
You requested these names for the new certificate:
blog.karen-chan.com, checkip.karen-chan.com,
karen-chan.com, www.karen-chan.com, example.org.
Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel:
Check the existing names and new names carefully to make sure you didn't make any mistakes, and then press e and enter.
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for example.org
Input the webroot for example.org: (Enter 'c' to cancel):
The webroot for my site is /var/www/example.org so that's what I put here.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/karen-chan.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/karen-chan.com/privkey.pem
Your cert will expire on 2020-02-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
It's done!
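The sed command above collects every Domains: line, so on a host with more than one certificate the lists run together. As an added example (not part of the original post; the function names and the second certificate, example.net, are made up for illustration), this script takes the names of one certificate only, appends the new ones, and fails if the certificate name is not found:

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample of `certbot certificates` output: the certificate from
# the post plus a made-up second one (example.net).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: karen-chan.com
    Domains: blog.karen-chan.com checkip.karen-chan.com karen-chan.com www.karen-chan.com
    Expiry Date: 2020-02-01 20:32:02+00:00 (VALID: 89 days)
  Certificate Name: example.net
    Domains: example.net www.example.net
    Expiry Date: 2020-02-01 20:32:02+00:00 (VALID: 89 days)
EOF
}

# cert_domains NAME: print the comma-separated Domains of certificate NAME
# only, reading `certbot certificates` output on stdin.
cert_domains() {
    awk -v want="$1" '
        /^[ \t]*Certificate Name:/ {
            sub(/^[ \t]*Certificate Name:[ \t]*/, ""); sub(/[ \t]+$/, "")
            current = $0
        }
        /^[ \t]*Domains:/ && current == want {
            sub(/^[ \t]*Domains:[ \t]*/, ""); sub(/[ \t]+$/, "")
            gsub(/[ \t]+/, ",")
            print
        }'
}

# expand_arg NAME NEW...: print the value for -d, i.e. the existing names of
# NAME followed by each NEW name not already present. Fails if NAME is not
# found, so a typo cannot produce a request that drops the existing names.
expand_arg() {
    cert=$1; shift
    list=$(cert_domains "$cert")
    [ -n "$list" ] || { echo "no certificate named $cert" >&2; return 1; }
    for name in "$@"; do
        case ",$list," in
            *",$name,"*) ;;                  # already on the certificate
            *) list="$list,$name" ;;
        esac
    done
    printf '%s\n' "$list"
}

# Demo on the constructed sample; on a real host pipe `certbot certificates`
# into expand_arg and pass the result to `certbot certonly -d`.
sample_output | expand_arg karen-chan.com example.org
```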