Adding SANs to Let’s Encrypt Certificates – LE Series Part 2

As we already went through in part 1 of this series, requesting certificates using Let’s Encrypt and certbot is rather easy. Today we’re going to look at how you can request certificates with multiple Subject Alternative Names, or SANs for short. A SAN is the domain name embedded in the certificate, for example grumpytechie.net. A certificate can have one or multiple SANs. The classic example is having both the root name and the www. subdomain in the same certificate, i.e. grumpytechie.net and www.grumpytechie.net. At least personally, I usually forget either one when setting up a site, depending on what the preference for that site is. The standard on the web these days seems to be to move away from the www. subdomain, but for backwards compatibility it is good to answer requests to either.

So, we have our certificate for example.com installed and ready to go, but we need to add an additional SAN for www.example.com. This is stupidly easy with certbot: the only thing we need to do is tell certbot to renew the certificate and pass two additional parameters to it, namely the domains that we want the certificate issued for. We do this by using the --expand option and adding the domains using the -d parameter. Do note that you can add as many domains as you like, as long as they are all under the same webroot. Also note that every SAN the certificate should contain must be listed here: the new ones along with any previous ones. You can also list all domains as a comma-separated list after one -d parameter, but I think separate parameters are a lot clearer.

certbot --expand -d example.com -d www.example.com

Certbot will then go through the motions and renew the certificate with the additional domain names for you!
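Because every previous name has to be repeated on the command line, it is worth confirming afterwards that the certificate really contains all of them. The following is an added example, not part of the original post: it assumes the SAN text comes from `openssl x509 -in cert.pem -noout -ext subjectAltName`, the function names are hypothetical, and the sample text is constructed. Names are compared literally, so a wildcard entry only matches itself.

```shell
#!/bin/sh
# Added example (not from the original post): report names that are
# missing from a certificate's Subject Alternative Name extension.

# Read the text printed by
#   openssl x509 -in cert.pem -noout -ext subjectAltName
# on stdin and print one lower-cased DNS name per line, sorted.
san_list() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p' |
        sed 's/[[:space:]]*$//' | tr 'A-Z' 'a-z' | sort -u
}

# missing_sans "<openssl SAN text>" name1 name2 ...
# Prints every expected name that the certificate does not contain.
# Returns 0 when nothing is missing, 1 otherwise.
missing_sans() {
    present=$(printf '%s\n' "$1" | san_list)
    shift
    rc=0
    for name in "$@"; do
        want=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        # -x: whole-line match, -F: fixed string (dots are not regex)
        if ! printf '%s\n' "$present" | grep -qxF -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample output: the certificate before and after expansion.
SAMPLE_BEFORE='X509v3 Subject Alternative Name:
    DNS:example.com'
SAMPLE_AFTER='X509v3 Subject Alternative Name:
    DNS:example.com, DNS:www.example.com'

# Demo: the "before" certificate lacks www.example.com.
missing_sans "$SAMPLE_BEFORE" example.com www.example.com ||
    echo "certificate is missing the names listed above"
missing_sans "$SAMPLE_AFTER" example.com www.example.com &&
    echo "expanded certificate covers all expected names"
```
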

As I’ve previously stated, working with certbot is so simple that I at least am always in awe of how painless everything is!
