How To Generate A Let's Encrypt Certificate For Several Hostnames

Over on my personal website https://elliotcooper.com I encountered a problem when I created a redirect from https://www.elliotcooper.com to https://elliotcooper.com. The web server, in this case, Apache2, first negotiates the HTTPS connection before doing the redirect.

This was a problem because the Let’s Encrypt certificate I generated was only valid for the Common Name (CN) elliotcooper.com. This caused my browser to display a certificate warning as the certificate didn’t include the CN www.elliotcooper.com.

I’ve also noticed this elsewhere when I click on links whose hostname differs from the CN in the certificate, usually by the www prefix.

The problem was easily solved by using the Certbot utility to add additional CNs to the certificate it generates and renews for my site.

All you need to do is to use the certbot utility with its --expand option.

Here is the command I ran to generate a certificate for elliotcooper.com and www.elliotcooper.com:

certbot certonly --expand -d elliotcooper.com -d www.elliotcooper.com

You can add as many hostnames as you like by appending each one with its own -d option.

Taking a look at the certificate with OpenSSL:

openssl x509 -in /etc/letsencrypt/live/elliotcooper.com/cert.pem -text

We can see the following sections:

Subject: CN = elliotcooper.com

X509v3 Subject Alternative Name:
  DNS:elliotcooper.com, DNS:www.elliotcooper.com

The certificate now allows the webserver redirection from https://www.elliotcooper.com to https://elliotcooper.com without any errors.
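
To check this before enabling a redirect, the following added example (not part of the original post) reads openssl x509 -text output on stdin and lists the hostnames the certificate does not cover. The function names and the sample text are constructed for this example, and the wildcard handling goes beyond the post, which uses no wildcard names.

```shell
#!/bin/sh
# Added example: check `openssl x509 -text` output (stdin) for required hostnames.

# Print the DNS entries of the Subject Alternative Name section, one per line.
san_names() {
    awk 'f { print; f = 0 } /X509v3 Subject Alternative Name/ { f = 1 }' |
        tr ',' '\n' |
        sed -n -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*DNS://p' |
        tr 'A-Z' 'a-z'
}

# Succeed if SAN entry $1 covers hostname $2. A wildcard stands for exactly
# one left-most label: *.example.com covers www.example.com, not example.com.
name_matches() {
    case "$1" in
        '*.'*)
            suffix=${1#?}                    # "*.example.com" -> ".example.com"
            label=${2%"$suffix"}             # what the "*" would have to match
            [ "$label" != "$2" ] || return 1
            case "$label" in ''|*.*) return 1 ;; esac
            return 0 ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# Print the hostnames (arguments) that the certificate does not cover;
# the exit status is non-zero if any are missing.
missing_hostnames() {
    sans=$(san_names)
    missing=''
    for host in "$@"; do
        host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
        covered=no
        while IFS= read -r san; do
            if name_matches "$san" "$host"; then covered=yes; break; fi
        done <<EOF
$sans
EOF
        [ "$covered" = yes ] || missing="$missing $host"
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample: SAN lines of a certificate issued for the bare domain only.
BARE_ONLY='        X509v3 Subject Alternative Name:
            DNS:elliotcooper.com'
printf '%s\n' "$BARE_ONLY" | missing_hostnames elliotcooper.com www.elliotcooper.com || echo 'not covered: re-run certbot with --expand'
```

Against a real certificate, pipe openssl x509 -in /etc/letsencrypt/live/elliotcooper.com/cert.pem -noout -text into missing_hostnames followed by every hostname that redirects to the site.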