As we already went through in part 1 of this series, requesting certificates using Let’s Encrypt and certbot is rather easy. Today we’re going to look at how you can request certificates with multiple Subject Alternative Names, or SANs for short. A SAN is a domain name embedded in the certificate, for example grumpytechie.net. A certificate can have one or multiple SANs. The classic example is having both the root name and the www. subdomain in the same certificate, i.e. grumpytechie.net and www.grumpytechie.net. At least personally, I usually forget either one when setting up a site, depending on what the preference for that site is. The standard on the web these days seems to be to move away from the www. subdomain, but for backwards compatibility it is good to answer requests to either one.
So, we have our certificate for example.com installed and ready to go, but we need to add an additional SAN for www.example.com. This is stupidly easy with certbot: the only thing we need to do is tell certbot to renew the certificate and pass it two additional parameters, namely the domains that we want the certificate issued for. We do this by using the --expand option and adding the domains using the -d parameter. Do note that you can add as many domains as you like, as long as they are all under the same webroot. Also note that every SAN has to be listed here: the ones being added along with any that were already on the certificate. You can also list all domains as a comma-separated list after one -d parameter, but I think separate parameters are a lot clearer.
certbot --expand -d example.com -d www.example.com
Certbot will then go through the motions and renew the certificate with the additional domain names for you!
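Because every name already on the certificate has to be listed again, it helps to compare the planned -d list against the current SANs before running the command. The script below is an added example, not part of the original post: it parses the text printed by `openssl x509 -noout -ext subjectAltName`, and the sample output and the name mail.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: find names on the current certificate that are missing
# from the -d list planned for `certbot --expand`.

# Read `openssl x509 -noout -ext subjectAltName` output on stdin and print
# one DNS name per line, sorted and de-duplicated.
sans_from_openssl() {
    tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\)[[:space:]]*$/\1/p' |
        sort -u
}

# $1 = current SANs (newline separated); remaining args = planned -d names.
# Prints every current SAN that the planned list does not contain.
dropped_names() {
    _current=$1
    shift
    for _name in $_current; do
        _found=no
        for _planned in "$@"; do
            if [ "$_name" = "$_planned" ]; then _found=yes; fi
        done
        if [ "$_found" = no ]; then printf '%s\n' "$_name"; fi
    done
    return 0
}

# Constructed sample of the openssl output. On a real host it would come from:
#   openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem \
#       -noout -ext subjectAltName
# (certbot's default live directory is assumed here)
SAMPLE='X509v3 Subject Alternative Name: 
    DNS:example.com, DNS:mail.example.com'

existing=$(printf '%s\n' "$SAMPLE" | sans_from_openssl)
missing=$(dropped_names "$existing" example.com www.example.com)

if [ -n "$missing" ]; then
    echo "Planned -d list is missing existing SANs:"
    echo "$missing"
else
    echo "Planned -d list covers every existing SAN."
fi
```

With the constructed sample, the planned list from the command above is flagged because it leaves out mail.example.com.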
As I’ve previously stated, working with certbot is so simple that I, at least, am always in awe of how painless everything is!