
@karenc
Created November 3, 2019 21:52

Add another domain to an existing letsencrypt SSL certificate using certbot

First find all the domains the existing certificate is for:

certbot certificates

It outputs something like this:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: karen-chan.com
    Domains: blog.karen-chan.com checkip.karen-chan.com karen-chan.com www.karen-chan.com
    Expiry Date: 2020-02-01 20:32:02+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/karen-chan.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/karen-chan.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

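You can capture the domains as a comma-separated list by doing the following (this assumes certbot manages only one certificate; with several, every Domains: line is matched):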

domains=$(certbot certificates | sed -n -e '/Domains:/ s/ /,/g; /Domains:/ s/^,*Domains:,// p')

Then you can add an extra domain example.org by doing:

certbot certonly -d "$domains,example.org"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
          
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

I already set up nginx to serve content on port 80 on that domain so I can use webroot.

Plugins selected: Authenticator webroot, Installer None
          
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/karen-chan.conf)
          
It contains these names: blog.karen-chan.com,
checkip.karen-chan.com, karen-chan.com, www.karen-chan.com.
          
You requested these names for the new certificate: 
blog.karen-chan.com, checkip.karen-chan.com, 
karen-chan.com, www.karen-chan.com, example.org.
          
Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: 

Check the existing names and new names carefully to make sure you didn't make any mistakes, and then press e and enter.

Renewing an existing certificate
Performing the following challenges:
http-01 challenge for example.org
Input the webroot for example.org: (Enter 'c' to cancel):

The webroot for my site is /var/www/example.org so that's what I put here.

Waiting for verification...
Cleaning up challenges
          
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/karen-chan.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/karen-chan.com/privkey.pem
   Your cert will expire on 2020-02-01. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:
          
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
          

It's done!
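The sed one-liner above matches every Domains: line, so on a host with more than one certificate it would merge unrelated name lists into one request. The following is an added example, not part of the original gist: it selects the domain list of one named certificate and appends the new name only if it is absent. The function names and the second certificate (other.example) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `certbot certificates` output with two certificates;
# the second one (other.example) is made up for this example.
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: karen-chan.com
    Domains: blog.karen-chan.com checkip.karen-chan.com karen-chan.com www.karen-chan.com
    Expiry Date: 2020-02-01 20:32:02+00:00 (VALID: 89 days)
  Certificate Name: other.example
    Domains: other.example www.other.example
    Expiry Date: 2020-02-01 20:32:02+00:00 (VALID: 89 days)
EOF
}

# domains_for NAME: read `certbot certificates` output on stdin and print the
# comma-separated domains of the certificate called NAME. Exit 1 if not found.
domains_for() {
    awk -v name="$1" '
        $1 == "Certificate" && $2 == "Name:" { current = $3 }
        $1 == "Domains:" && current == name {
            out = $2
            for (i = 3; i <= NF; i++) out = out "," $i
            print out
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# expanded_list NAME NEWDOMAIN: print the -d argument for certbot, adding
# NEWDOMAIN to the existing names unless it is already covered.
expanded_list() {
    current=$(domains_for "$1") || { echo "no certificate named $1" >&2; return 1; }
    case ",$current," in
        *",$2,"*) printf '%s\n' "$current" ;;
        *)        printf '%s,%s\n' "$current" "$2" ;;
    esac
}

# Demonstration on the constructed sample.
sample_output | expanded_list karen-chan.com example.org

# Real use (requires certbot; --cert-name pins which certificate is replaced):
#   list=$(certbot certificates | expanded_list karen-chan.com example.org) &&
#     certbot certonly --cert-name karen-chan.com -d "$list"
```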
