Let’s encrypt bietet kostenlose Zertifikate zur Verschlüsselung an. In diesem Beispiel erweitern wir unser bestehendes Zertifikat um die Domain newexample.com. Das Vorgehen für eine Subdomain ist dasselbe. Mittels:
# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: example.com
Serial Number: 1234567890acb1234567890abc1234567890
Key Type: ECDSA
Domains: example.com test.example.com example2.com example3.com
Expiry Date: 2023-07-28 17:09:45+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/nyx7.ch/fullchain.pem
Private Key Path: /etc/letsencrypt/live/nyx7.ch/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
wird uns der Zertifikatsname mit allen zugehörenden Domains angezeigt. Möchten wir nun das bestehende Zertikikat um eine Domain oder Subdomain (newexample.com) erweitern, müssen wir das Zertifikat example.com für alle Domains und Subdomains erweitern.
Die Erweiterung des Zertifikates per expand:
# certbot --expand -d example.com,test.example.com,example2.com,example3.com,newexample.com
# certbot --expand -d example.com,test.example.com,example2.com,example3.com,newexample.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for example.com and 4 more domains
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem
This certificate expires on 2023-07-30.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for example.com to /etc/apache2/sites-enabled/000-default-le-ssl.conf
Successfully deployed certificate for test.example.com to /etc/apache2/sites-enabled/000-default-le-ssl.conf
Successfully deployed certificate for example2.com to /etc/apache2/sites-enabled/000-default-le-ssl.conf
Successfully deployed certificate for example3.com to /etc/apache2/sites-enabled/000-default-le-ssl.conf
We were unable to find a vhost with a ServerName or Address of newexample.com.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: 000-default-le-ssl.conf | Multiple Names | HTTPS | Enabled
2: 000-default.conf | | | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Successfully deployed certificate for newexample.com to /etc/apache2/sites-enabled/000-default-le-ssl.conf
Your existing certificate has been successfully renewed, and the new certificate has been installed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Um jedoch ein neues Zertifikat für die Domain zu bekommen, tippen wir:
# certbot certonly -d newexample.com
ein. Mehrere Domain und Subdomain werden durch ein Komma getrennt.