{{tag>letsencrypt ssl apache}}

====== Expand existing letsencrypt certficate for multiple domains  ======
===== Check existing certifcates =====


  certbot-auto certificates
  
===== Expand existing one =====

Remember to include the already existing domain certificate (staging.example.com).
  certbot-auto certonly --expand -d staging.example.com,subdomain1.staging.example.com,subdomain100.staging.example.com,subdomain200.staging.example.com

This will result in a certificate valid for all above domains.

===== Tweak the apache configuration =====
Only additions are shown below.

Non ssl conf:
<code apache>
...
ServerAlias *.staging.example.com
...
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</code>

SSL conf:
<code apache>
...
ServerAlias *.staging.example.com
...
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/staging.example.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/staging.example.com-0001/privkey.pem
</code>
====== Tested on ======
  * Debian 10.7

====== See also ======
  * [[wiki:update_letsencrypt_mail_address_resubscribe|Update Letsencrypt mail address or resubscribe]]
  * [[wiki:letsencrypt_certificate_via_dns_authentication|Letsencrypt certificate via DNS authentication]]