Letsencrypt 将域添加到现有证书 [英] Letsencrypt add domain to existing certificate

问题描述

我只是想将域 test.example.com 添加到 example.com 已经存在的证书中.如何将域添加到现有证书并替换旧证书?

I am just simply trying to add the domain test.example.com to the certificate that already exists for example.com. How do I add a domain to my existing certificate and replace the old certificate?

这几个命令我都试过了

./letsencrypt-auto certonly --cert-path /etc/letsencrypt/archive/example.com --expand -d test.example.com

./letsencrypt-auto certonly -d example.com --expand -d test.example.com

结果:两者都在新文件夹 test.example.com-0001 中创建了一个全新的证书

Result: both created a brand new cert in a new folder test.example.com-0001

./letsencrypt-auto certonly --renew-by-default  --expand -d test.example.com

结果:错误文件夹 test.example.com 已存在.

Result: error folder test.example.com already exists.

./letsencrypt-auto renew --expand -d orange.fidka.com

结果:错误，我只能在我的证书过期时续订.

Result: error, I can only renew if my certificate is expired.

推荐答案

你需要指定所有的名字，包括那些已经注册的名字.

You need to specify all of the names, including those already registered.

我最初使用以下命令注册一些证书:

I used the following command originally to register some certificates:

/opt/certbot/certbot-auto certonly --webroot --agree-tos -w /srv/www/letsencrypt/ 
--email me@example.com 
--expand -d example.com,www.example.com

...刚才我成功地使用了以下命令来扩展我的注册以包含一个新的子域作为 SAN:

... and just now I successfully used the following command to expand my registration to include a new subdomain as a SAN:

/opt/certbot/certbot-auto certonly --webroot --agree-tos -w /srv/www/letsencrypt/ 
--expand -d example.com,www.example.com,click.example.com

来自文档:

--expand "如果现有证书涵盖了所请求名称的某些子集，请始终扩展并用其他名称替换它."

--expand "If an existing cert covers some subset of the requested names, always expand and replace it with the additional names."

如果您正在运行 nginx，请不要忘记重新启动服务器以加载新证书.

Don't forget to restart the server to load the new certificates if you are running nginx.

这篇关于Letsencrypt 将域添加到现有证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！