About | Blog

How to add a subdomain to an existing Certbot certificate?

December 27, 2020

I use Certbot to manage SSL certificates on this website running on Apache2, and I wanted to create a new secured subdomain.

It's as simple as:

certbot --apache -d yourdomain -d www.yourdomain -d subdomain.yourdomain -d www.subdomain.yourdomain --expand

Don't forget to add every initial domain. Also, the --expand option is important:

--expand   If an existing certificate is a strict subset of the
           requested names, always expand and replace it with the
           additional names. (default: Ask)

If you want to redirect all HTTP connections to the HTTPS version, duplicate your 443 vhost to a non-secured 80 vhost and add a rewrite rule. For instance:

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain [OR]
RewriteCond %{SERVER_NAME} =domain
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]