How To Generate A Let's Encrypt Certificate For Several Hostnames

Over on my personal website I encountered a problem when I created a redirect from to The web server, in this case, Apache2, first negotiates the HTTPS connection before doing the redirect.

This was a problem because the Let’s Encrypt certificate I generated was only valid for the Common Name (CN) This caused my browser to display a certificate warning as the certificate didn’t include the CN

I’ve also noticed this elsewhere when I click on links that are different, usually it’s the wwws, to the CN in the certificate.

The problem was easily solved by using Certbot utility to add additional CNs to the certificate it generates and renews for my site.

All you need to do is to use the certbot utility with its –expand option.

Here is the command I ran to generate a certificate for and

certbot certonly --expand -d -d

You can add as many hostnames as you like by just appending them with a -d.

Taking a look at the certificate with OpenSSL :

openssl x509 -in /etc/letsencrypt/live/ -text

We can see the following sections:

Subject: CN =

X509v3 Subject Alternative Name:,

The certificate now allows the webserver redirection from to without any errors.