Reputation: 1367
As far as I understand the Let's Encrypt FAQ, the recommended way to use the certificates on multiple subdomains is to use the Subject Alternative Name (SAN).
In my case I have a growing number of subdomains where I cannot predict the names. This means that I have to change the certificate every time a subdomain comes along to the existing subdomains.
How can I change an existing certificate? Simply renewing with an additional SAN seems not to work.
For what it's worth, this is how I'm renewing the certificate:
    letsencrypt certonly --standalone \
        --email [email protected] \
        --renew-by-default \
        --agree-tos \
        -d www.example.org \
        -d example.org \
        -d client-a.example.org \
        -d client-b.example.org \
        -d client-c.example.org
Now I need to add client-d.example.org.
Upvotes: 2
Views: 1366
Reputation: 6908
If you add new SANs without the --expand flag, a new certificate directory will be created, something like /etc/letsencrypt/live/www.example.com-0001. If you want to extend the current certificate, just append the --expand flag.
However, if you can't predict the subdomains, Let's Encrypt is currently not the right thing for you. It's the one use case that really needs wildcard certificates. And Let's Encrypt doesn't currently offer wildcard certificates.
Upvotes: 1
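The --expand run described in the answer has to list every name the certificate already covers plus the new one. The following is an added example, not part of the original question or answer: it reads the existing SANs from openssl output and builds that command. The function names and the sample SAN text are constructed for illustration, and the other options from the question's command (--email, --agree-tos, --renew-by-default) are left out.

```shell
#!/bin/sh
# Constructed sample of what
#   openssl x509 -in cert.pem -noout -ext subjectAltName
# prints for the certificate in the question (OpenSSL 1.1.1 or later).
# On a live host cert.pem is assumed to sit in the certificate's
# directory under /etc/letsencrypt/live/.
SAMPLE_SAN_TEXT='X509v3 Subject Alternative Name:
    DNS:www.example.org, DNS:example.org, DNS:client-a.example.org, DNS:client-b.example.org, DNS:client-c.example.org'

# san_names: read openssl SAN text on stdin, print one DNS name per line.
# The header line and non-DNS entries do not match and are dropped.
san_names() {
    tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\)[[:space:]]*$/\1/p'
}

# expand_command SAN_TEXT NEW_NAME...: print the command that re-issues the
# certificate with the existing names first (order kept) and the new names
# appended, skipping names that are already covered.
expand_command() {
    san_text=$1
    shift
    names=$(printf '%s\n' "$san_text" | san_names)
    for new in "$@"; do
        # Hostnames are case-insensitive; compare in lower case.
        new=$(printf '%s' "$new" | tr 'A-Z' 'a-z')
        if ! printf '%s\n' "$names" | grep -qxF -- "$new"; then
            names=$(printf '%s\n%s' "$names" "$new")
        fi
    done
    cmd='letsencrypt certonly --standalone --expand'
    # Read line by line so a name is never subject to shell globbing.
    while IFS= read -r n; do
        if [ -n "$n" ]; then
            cmd="$cmd -d $n"
        fi
    done <<EOF
$names
EOF
    printf '%s\n' "$cmd"
}
```

Calling `expand_command "$SAMPLE_SAN_TEXT" client-d.example.org` prints the command with the five existing names followed by `-d client-d.example.org`; comparing that list against the certificate before running it shows whether any existing name would be dropped.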