Adding an alternative name to a Let's Encrypt certificate

Here is a short guide to adding a new subject alternative name to an existing certificate managed by certbot.

From time to time, I need to add a domain name to my reverse proxy or remove one from it. After updating the DNS zone of my domain, I need to let the certbot utility update its certificates.

First, to view the certificates managed by certbot, type this (with sudo or as root if needed):

certbot certificates

It lists the domains covered by each certificate, the first one being used as the certificate name.

Then do a dry run of the update, followed by the actual update:

certbot certonly --cert-name <certificate name> --expand --dry-run \
    --domains <main domain>,<other domain>,<your new domain>
certbot certonly --cert-name <certificate name> --expand \
    --domains <main domain>,<other domain>,<your new domain>

Your new certificate should be ready. I tend to check it manually with:

openssl x509 -noout -text -in <path to cert>

If it all looks OK, reload whatever software uses your certificates so that it picks up the new one.
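
A scripted version of the manual openssl check above, added here as an example and not part of the original post: it reads the subjectAltName extension and reports any expected name that is missing, so the reload can be skipped when the new domain did not make it into the certificate. The function names and the throwaway self-signed certificate for example.org are constructed for illustration; on a real host, pass your own certificate path and domain list to missing_sans.

```bash
#!/usr/bin/env bash
# Added example: check that a certificate carries every expected DNS name.

# Print the DNS entries of the subjectAltName extension, one per line.
cert_sans() {
    openssl x509 -noout -ext subjectAltName -in "$1" 2>/dev/null |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# Print each expected name that is absent from the certificate.
# Usage: missing_sans <path to cert> <domain>...
# Returns 0 when every name is present, 1 otherwise.
missing_sans() {
    local cert="$1" found name status=0
    shift
    found=$(cert_sans "$cert")
    for name in "$@"; do
        # -x: whole-line match, -F: literal string, -i: DNS names ignore case
        if ! printf '%s\n' "$found" | grep -qixF -- "$name"; then
            printf '%s\n' "$name"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample input: a throwaway self-signed certificate with two
# SANs, so the example runs offline (needs OpenSSL 1.1.1 or newer).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example.org" \
        -addext "subjectAltName=DNS:example.org,DNS:www.example.org" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_cert "$tmp/cert.pem"
if missing=$(missing_sans "$tmp/cert.pem" example.org new.example.org); then
    echo "all expected names present"
else
    echo "missing from certificate: $missing"   # new.example.org
fi
rm -rf "$tmp"
```

An unreadable or missing certificate file yields no names, so every expected domain is reported as missing and the check fails closed.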