可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
I am just simply trying to add the domain test.example.com to the certificate that already exists for example.com. How do I add a domain to my existing certificate and replace the old certificate?
I have tried these few commands
./letsencrypt-auto certonly --cert-path /etc/letsencrypt/archive/example.com --expand -d test.example.com ./letsencrypt-auto certonly -d example.com --expand -d test.example.com
Result: both created a brand new cert in a new folder test.example.com-0001
./letsencrypt-auto certonly --renew-by-default --expand -d test.example.com
Result: error folder test.example.com already exists.
./letsencrypt-auto renew --expand -d orange.fidka.com
Result: error, I can only renew if my certificate is expired.
回答1:
You need to specify all of the names, including those already registered.
I used the following command originally to register some certificates:
/opt/certbot/certbot-auto certonly --webroot --agree-tos -w /srv/www/letsencrypt/ \ --email me@example.com \ --expand -d example.com,www.example.com
... and just now I successfully used the following command to expand my registration to include a new subdomain as a SAN:
/opt/certbot/certbot-auto certonly --webroot --agree-tos -w /srv/www/letsencrypt/ \ --expand -d example.com,www.example.com,click.example.com
From the documentation:
--expand "If an existing cert covers some subset of the requested names, always expand and replace it with the additional names."
Don't forget to restart the server to load the new certificates if you are running nginx.
回答2:
This is how i registered my domain:
sudo letsencrypt --apache -d mydomain.com
Then it was possible to use the same command with additional domains and follow the instructions:
sudo letsencrypt --apache -d mydomain.com,x.mydomain.com,y.mydomain.com
回答3:
Apache on Ubuntu, using the Apache plugin:
sudo certbot certonly --cert-name example.com -d old-domain.com,www.old-domain.com,new-domain.com,www.new-domain.com
The above command is vividly explained in the Certbot user guide on changing a certificate's domain names. Note that the command for changing a certificate's domain names applies to adding new domain names as well.
回答4:
this worked for me
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/html -d domain.com -d www.domain.com
回答5:
You can replace the certificate by just running the certbot again with ./certbot-auto certonly
You will be prompted with this message if you try to generate a certificate for a domain that you have already covered by an existing certificate:
------------------------------------------------------------------------------- You have an existing certificate that contains a portion of the domains you requested (ref: /etc/letsencrypt/renewal/.conf) It contains these names: You requested these names for the new certificate: , . Do you want to expand and replace this existing certificate with the new certificate? -------------------------------------------------------------------------------
Just chose Expand and replace it.
回答6:
I was able to setup a SSL certificated for a domain AND multiple subdomains by using using --cert-name combined with --expand options.
See official certbot-auto documentation at https://certbot.eff.org/docs/using.html
Example:
certbot-auto certonly --cert-name mydomain.com.br \ --renew-by-default -a webroot -n --expand \ --webroot-path=/usr/share/nginx/html \ -d mydomain.com.br \ -d www.mydomain.com.br \ -d aaa1.com.br \ -d aaa2.com.br \ -d aaa3.com.br
