Let’s encrypt bietet kostenlose Zertifikate zur Verschlüsselung an. In diesem Beispiel erweitern wir unser bestehendes Zertifikat um die Domain newexample.com. Das Vorgehen für eine Subdomain ist dasselbe. Mittels:
# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Found the following certs: Certificate Name: example.com Serial Number: 1234567890acb1234567890abc1234567890 Key Type: ECDSA Domains: example.com test.example.com example2.com example3.com Expiry Date: 2023-07-28 17:09:45+00:00 (VALID: 87 days) Certificate Path: /etc/letsencrypt/live/nyx7.ch/fullchain.pem Private Key Path: /etc/letsencrypt/live/nyx7.ch/privkey.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
wird uns der Zertifikatsname mit allen zugehörenden Domains angezeigt. Möchten wir nun das bestehende Zertikikat um eine Domain oder Subdomain (newexample.com) erweitern, müssen wir das Zertifikat example.com für alle Domains und Subdomains erweitern. Die Erweiterung des Zertifikates machen wir per expand:
# certbot --expand -d example.com,test.example.com,example2.com,example3.com,newexample.com
# certbot --expand -d example.com,test.example.com,example2.com,example3.com,newexample.com Saving debug log to /var/log/letsencrypt/letsencrypt.log Renewing an existing certificate for example.com and 4 more domains Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem This certificate expires on 2023-07-30. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for example.com to /etc/apache2/sites-enabled/000-default-le-ssl.conf Successfully deployed certificate for test.example.com to /etc/apache2/sites-enabled/000-default-le-ssl.conf Successfully deployed certificate for example2.com to /etc/apache2/sites-enabled/000-default-le-ssl.conf Successfully deployed certificate for example3.com to /etc/apache2/sites-enabled/000-default-le-ssl.conf We were unable to find a vhost with a ServerName or Address of newexample.com. Which virtual host would you like to choose? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: 000-default-le-ssl.conf | Multiple Names | HTTPS | Enabled 2: 000-default.conf | | | Enabled - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 Successfully deployed certificate for newexample.com to /etc/apache2/sites-enabled/000-default-le-ssl.conf Your existing certificate has been successfully renewed, and the new certificate has been installed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -