
Letsencrypt Adding alternative names to cert?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by wmtech, Jul 24, 2025.

  1. wmtech

    wmtech Active Member

    I cannot find the solution anywhere, sorry if that has been asked before:

    How can I add alternative names to an SSL cert issued with acmetool.sh?

    The issue of the LE cert failed when I created the host. I issued the cert successfully after host creation with

    Code (Text):
    acmetool.sh issue DOMAIN lived


    But that generates a cert for the main hostname only. I need to add 2 additional names to the cert and don't know how.

    Editing the .conf files in ./acme directory and adding Le_Alt does not work.

     
  2. eva2000

    eva2000 Administrator Staff Member

    If you want all these 5 domains/subdomains on the same Letsencrypt SSL certificate, pointing to the same single script/site vhost at /home/nginx/domains/domain.com/public web root:
    • domain.com
    • www.domain.com
    • sub1.domain.com
    • sub2.domain.com
    • sub3.domain.com
    If you have not yet created any of the 5 domains/nginx vhosts, you can use addons/acmetool.sh directly via SANS Multi-Domain SSL Certificates method.

    But if you already created domain.com (example below newdomain.com), then you would have to do it manually using the existing vhost guide, just with a minor change to step 4. So for step 4 of the existing vhost guide, instead of these 2 commands
    Code (Text):
    /root/.acme.sh/acme.sh --force --issue --days 60 -d newdomain.com -d www.newdomain.com -w /home/nginx/domains/newdomain.com/public -k 2048 --useragent centminmod-centos-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-newdomain.com.log --log-level 2
    /root/.acme.sh/acme.sh --installcert -d newdomain.com -d www.newdomain.com --certpath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.cer --keypath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.key --capath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-fullchain-acme.key
    

    where you have
    Code (Text):
    -d newdomain.com -d www.newdomain.com
    

    it would be changed to
    Code (Text):
    /root/.acme.sh/acme.sh --force --issue --days 60 -d newdomain.com -d www.newdomain.com -d sub1.newdomain.com -d sub2.newdomain.com -d sub3.newdomain.com -w /home/nginx/domains/newdomain.com/public -k 2048 --useragent centminmod-centos-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-newdomain.com.log --log-level 2
    /root/.acme.sh/acme.sh --installcert -d newdomain.com -d www.newdomain.com -d sub1.newdomain.com -d sub2.newdomain.com -d sub3.newdomain.com --certpath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.cer --keypath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.key --capath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-fullchain-acme.key
    

    so pass all domains you want on your letsencrypt ssl certificate
    Code (Text):
    -d newdomain.com -d www.newdomain.com -d sub1.newdomain.com -d sub2.newdomain.com -d sub3.newdomain.com
    

    Note all domains have to have DNS with A records pointing to server IP first and nginx vhost server_name directive has to list them all first too i.e.
    Code (Text):
    server {
      listen 443 ssl http2;
      server_name newdomain.com www.newdomain.com sub1.newdomain.com sub2.newdomain.com sub3.newdomain.com;
      # ... rest of the existing vhost configuration unchanged ...
    }
    

    Note all domains/subdomains listed in the server_name directive would need to be exclusively used in the same single nginx vhost site and not have been created anywhere else on the server, i.e. additional/separate centmin.sh menu option 2/22/nv cmd created nginx vhosts should NOT have the same domain/subdomain names.

    If you have existing /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf and/or /usr/local/nginx/conf/conf.d/newdomain.com.conf nginx vhosts, back those up as the contents may be changed by the letsencrypt ssl cert process done during setup.

    You may want to start your own dedicated thread for your question in this forum at Domains, DNS, Email & SSL Certificates to discuss further.
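
The two prerequisites in the reply above (every name listed in the vhost's server_name, and no name reused by a separately created vhost) can be checked before running acme.sh. The script below is an added example, not part of the thread or of Centmin Mod; the function names, the constructed sample files, and the assumption that `SITE.conf` and `SITE.ssl.conf` are the site's own vhost files are illustrative.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check before passing several -d names to acme.sh.
# Assumption: SITE.conf and SITE.ssl.conf in CONF_DIR are the site's own vhosts.

# Print each name in a vhost file's server_name directives, one per line.
vhost_names() {
  awk '{ sub(/#.*/, "") }
       $1 == "server_name" { on = 1; $1 = "" }   # directive may span lines
       on { line = $0; gsub(/;/, "", line); n = split(line, a, " ")
            for (i = 1; i <= n; i++) print a[i]
            if ($0 ~ /;/) on = 0 }' "$1"
}

# preflight SITE CONF_DIR NAME...
# Succeeds and prints the -d arguments only if every NAME is listed in each of
# the site's own vhost files and in no other *.conf file in CONF_DIR.
preflight() {
  local site="$1" dir="$2" rc=0 args="" name f listed; shift 2
  [ -e "$dir/$site.conf" ] || [ -e "$dir/$site.ssl.conf" ] || { echo "no vhost for $site in $dir" >&2; return 1; }
  for name in "$@"; do
    for f in "$dir"/*.conf; do
      [ -e "$f" ] || continue
      if vhost_names "$f" | grep -qxF -- "$name"; then listed=1; else listed=0; fi
      case "$f" in
        "$dir/$site.conf"|"$dir/$site.ssl.conf")
          [ "$listed" -eq 1 ] || { echo "MISSING: $name in $f" >&2; rc=1; } ;;
        *)
          [ "$listed" -eq 0 ] || { echo "DUPLICATE: $name in $f" >&2; rc=1; } ;;
      esac
    done
    args="$args -d $name"
  done
  [ "$rc" -eq 0 ] && printf '%s\n' "${args# }"
}

# Constructed sample vhosts (not from the thread): the port 80 vhost lacks
# sub2/sub3, and a separately created blog.conf reuses sub3.newdomain.com.
make_sample() {
  local d; d=$(mktemp -d)
  printf 'server {\n  listen 443 ssl http2;\n  server_name newdomain.com www.newdomain.com\n    sub1.newdomain.com sub2.newdomain.com sub3.newdomain.com;\n}\n' > "$d/newdomain.com.ssl.conf"
  printf 'server {\n  listen 80;\n  server_name newdomain.com www.newdomain.com sub1.newdomain.com;\n}\n' > "$d/newdomain.com.conf"
  printf 'server {\n  server_name blog.example sub3.newdomain.com; # reused\n}\n' > "$d/blog.conf"
  echo "$d"
}

# Demo on the constructed files: reports the missing and duplicated names.
d=$(make_sample)
preflight newdomain.com "$d" newdomain.com www.newdomain.com sub1.newdomain.com sub2.newdomain.com sub3.newdomain.com || echo "fix the vhosts before issuing"
rm -rf "$d"
```

On a real server, point CONF_DIR at /usr/local/nginx/conf/conf.d and use the printed -d arguments in both acme.sh commands.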
     
  3. wmtech

    wmtech Active Member

    Thank you.