Adding an alternative name to a Let's Encrypt certificate
Here is a short guide to add a new subject alternative name to an
existing certificate managed by certbot
.
From time to time, I need to add or remove a domain name to my
reverse-proxy. After updating the DNS zone of my domain, I need to let
the certbot
utility update its certificates.
First, to view the certbot managed certificates, type this (with
sudo
or as root if needed):
certbot certificates
It will tell you about the domains managed, the first one being used as the certificate name.
Then a dry-run of the update with the actual update:
certbot certonly --cert-name <certificate name> --expand --dry-run \
--domains <main domain>,<other domain>,<you new domain>
certbot certonly --cert-name <certificate name> --expand \
--domains <main domain>,<other domain>,<you new domain>
You’re new certificate should be ready. I tend to check it manually with:
openssl x509 -noout -text -in <path to cert>
And if it’s all OK and depending on your software using your certificates, reload your app so that it uses it.