Open crovaxon opened 3 years ago
Sorry, I couldn't find another way to upvote this enhancement proposal. But I painfully miss this feature, too. I've already made a cert expansion once, but it is pretty laborious:
Having an "Add subdomain" / "Edit subdomains" button would be a vast improvement for the whole process.
I have used LetsEncrypt for a long time, and there is not even a need to expand the certificate. You can simply add new domains to an existing one with the command from Changing a Certificate's Domains:
```
certbot certonly --cert-name example.com --domains example.com,example2.com,example3.com
```
Or remove them from the certificate via:
```
certbot certonly --cert-name example.com --domains example.com
```
So, basically there are ZERO changes in code, because you are already using this feature with domain separation via `,`. What is missing is only the Edit button.
UPDATE: Workaround how to add/remove domain manually.
`npm-` prefix. E.g. if your container name is `npm`:
```
docker exec npm ls -la /etc/letsencrypt/live/ | grep npm-
drwxrwxr-x+ 2 root root 4096 Dec 23 10:37 npm-2
```
`npm-2`. You have to provide all domains
```
docker exec -it npm certbot certonly --cert-name npm-2 --domains example.com,example2.com --authenticator webroot --webroot-path /data/letsencrypt-acme-challenge
```
Output:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An ECDSA certificate named npm-2 already exists. Do you want to update its key type to RSA?
(U)pdate key type/(K)eep existing key type: K
You are updating certificate npm-2 to include new domain(s):
You are also removing previously included domain(s): (None)
Did you intend to make this change?
(U)pdate certificate/(C)ancel: U
Renewing an existing certificate for example.com and example2.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/npm-2/fullchain.pem
Key is saved at: /etc/letsencrypt/live/npm-2/privkey.pem
This certificate expires on 2023-05-21.
These files will be updated when the certificate renews.
NEXT STEPS:
The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
If you like Certbot, please consider supporting our work by:
```
3. Enable "Force SSL" back.
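Because `--domains` with `--cert-name` replaces the certificate's whole name set, a name left out of the list is removed from the certificate. The following is an added example, not part of the comment above or of the project's code: it merges new names into the current set and reports any name a requested list would drop. The function names are hypothetical, and `SAMPLE_SAN` is constructed to mimic the text printed by `openssl x509 -noout -ext subjectAltName`.

```shell
#!/bin/sh
# Added example (not from the issue thread): plan a domain change for
# `certbot certonly --cert-name ... --domains ...` without losing names.
# Function names are hypothetical; SAMPLE_SAN is constructed and mimics
#   openssl x509 -in fullchain.pem -noout -ext subjectAltName

SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:example.com, DNS:Example2.com'

# "DNS:a, DNS:b" -> one lowercase name per line, sorted, unique.
san_to_list() {
  tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
    tr '[:upper:]' '[:lower:]' | LC_ALL=C sort -u
}

# "a,b,c" (the --domains syntax) -> the same normalized form.
csv_to_list() {
  tr ',' '\n' | sed -e 's/[[:space:]]//g' -e '/^$/d' |
    tr '[:upper:]' '[:lower:]' | LC_ALL=C sort -u
}

# Full --domains value: names already in the certificate plus additions.
merged_domains() {  # $1 = SAN text, $2 = CSV of names to add
  { printf '%s\n' "$1" | san_to_list; printf '%s\n' "$2" | csv_to_list; } |
    LC_ALL=C sort -u | paste -s -d, -
}

# Names the certificate covers today that a requested list would remove.
dropped_domains() { # $1 = SAN text, $2 = requested CSV
  want=$(printf '%s\n' "$2" | csv_to_list)
  printf '%s\n' "$1" | san_to_list | while IFS= read -r name; do
    printf '%s\n' "$want" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
}

# Print (do not run) the command from the workaround with the merged list.
plan_command() {    # $1 = cert name, $2 = SAN text, $3 = CSV to add
  printf 'certbot certonly --cert-name %s --domains %s' "$1" "$(merged_domains "$2" "$3")"
  printf ' --authenticator webroot --webroot-path /data/letsencrypt-acme-challenge\n'
}

plan_command npm-2 "$SAMPLE_SAN" "example3.com"
echo "would be dropped by '--domains example.com,example3.com':"
dropped_domains "$SAMPLE_SAN" "example.com,example3.com"
```

Inside the container, the SAN text would come from the certificate under `/etc/letsencrypt/live/npm-2/`; comparing it again after the certbot run confirms that no name was lost.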
Issue is now considered stale. If you want to keep it open, please comment :+1:
👍
👍
Are you in the right place? I hope I am, as I am considering this a feature request I could not find by searching in the existing issues.
Is your feature request related to a problem? Please describe. Currently there is no way to add subdomains to an existing certificate using the UI, unless I am mistaken. I would have to remove my existing certificate and reissue it with all previous subdomains including the new one. I haven't done that yet because I did not want to risk breaking my existing proxy settings and potentially have to edit each and set the certificate again after having it recreated.
Describe the solution you'd like Ability to add one or more new subdomains to an existing certificate via the comfortable UI this project offers. Certbot itself is able to do so via expanding onto the existing certificate. This will renew it and also add the new domains. See https://certbot.eff.org/docs/using.html#re-creating-and-updating-existing-certificates
Describe alternatives you've considered Dropping to a terminal in my docker instance and manually interacting with certbot to do the expansion, like I was doing prior to switching to NGM as my reverse proxy. I do not plan to add subdomains very often, but when I do, it would be nice to not have to do it manually. Also I am not sure if NGM will actually pick up on the manual change, which is why I have not tried to do that yet.
Additional context No extra context