How to add a domain to existing certificate generated by Let’s Encrypt/Certbot?

This question is a continuation of essentially the same question that was closed for being "off-topic" on Stack Overflow. The OP's question:

I am just simply trying to add the domain test.example.com to the certificate that already exists for example.com. How do I add a domain to my existing certificate and replace the old certificate?


Solution 1:

With certbot 0.34.0, the procedure is simple and easy (depending on your system, substitute certbot-auto or ~/certbot-auto for certbot):

First, list your existing certificate and domains:

sudo certbot certificates

This will return your certificate name and the domains currently on the certificate, for example:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: foo.example.com
    Domains: foo.example.com bar.example.com
    Expiry Date: 2119-08-01 11:30:32+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/foo.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/foo.example.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Then add commas between the domains listed after the Domains: line above, add another comma, and the domain you want to add, for example, to add baz.example.com:

sudo certbot --expand -d foo.example.com,bar.example.com,baz.example.com
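
The two steps of Solution 1 combined into one script, as an added example that is not part of the original answer: it reads `certbot certificates` output, keeps every domain already on the named certificate, and prints the `--expand` command with the new domain appended. The function names and the sample output are constructed for illustration; in real use, pipe `sudo certbot certificates` into `build_expand_cmd` instead of `sample_output`.

```shell
#!/bin/sh
# Constructed sample of `certbot certificates` output (layout as in the answer above).
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: foo.example.com
    Domains: foo.example.com bar.example.com
    Certificate Path: /etc/letsencrypt/live/foo.example.com/fullchain.pem
  Certificate Name: other.example.org
    Domains: other.example.org
    Certificate Path: /etc/letsencrypt/live/other.example.org/fullchain.pem
EOF
}

# Print, one per line, the domains listed for the certificate named $1 (reads stdin).
domains_for_cert() {
    awk -v name="$1" '
        $1 == "Certificate" && $2 == "Name:" { current = $3 }
        $1 == "Domains:" && current == name {
            for (i = 2; i <= NF; i++) print $i
        }'
}

# Print the certbot command that re-issues certificate $1 with domain $2 added.
# Every existing domain is kept, so none is dropped from the certificate by accident.
build_expand_cmd() {
    cert_name=$1
    new_domain=$2
    # Accept only hostname characters, since the result is meant to be pasted into a shell.
    case $new_domain in
        ''|*[!A-Za-z0-9.-]*) echo "invalid domain: $new_domain" >&2; return 1 ;;
    esac
    existing=$(domains_for_cert "$cert_name")
    [ -n "$existing" ] || { echo "no certificate named $cert_name" >&2; return 1; }
    # Append the new domain, drop duplicates (order preserved), join with commas.
    list=$(printf '%s\n%s\n' "$existing" "$new_domain" | awk '!seen[$0]++' | paste -sd, -)
    printf 'sudo certbot --expand -d %s\n' "$list"
}

# Stand-alone run on the constructed sample.
sample_output | build_expand_cmd foo.example.com baz.example.com
```

The script only prints the command; review the domain list before running it.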