Updating domains breaks startup. #20

henti opened this issue May 10, 2025 · 2 comments · May be fixed by #21

henti commented May 10, 2025

I followed the instructions to test with a single domain (smokeping.my_personal_domain.com) and it worked fine. When I added pi-hole.my_personal_domain.com it broke with:

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Missing command line flag or config entry for this setting:
You have an existing certificate that contains a portion of the domains you requested (ref: /etc/letsencrypt/renewal/smokeping.my_personal_domain.com.conf)

It contains these names: smokeping.my_personal_domain.com

You requested these names for the new certificate: smokeping.my_personal_domain.com, pi-hole.my_personal_domain.com.

Do you want to expand and replace this existing certificate with the new certificate?

(You can set this with the --expand flag)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```

My command for one domain was:

```bash
name="letsencrypt"
email="hentgi@my_personal_domain.com"
image="serversideup/certbot-dns-cloudflare:latest"
# Comma-separated list handed to the container as CERTBOT_DOMAINS
domains="smokeping.my_personal_domain.com"
token="blah"

# Certificates and logs persist on the host through the two bind mounts
docker run \
  -d \
  --rm \
  --name "$name" \
  -e PUID=1000 \
  -e PGID=1000 \
  -e CERTBOT_DOMAINS="$domains" \
  -e CERTBOT_EMAIL="$email" \
  -e CLOUDFLARE_API_TOKEN="$token" \
  -v /home/henti/docker/letsencrypt:/etc/letsencrypt \
  -v /home/henti/docker/letsencrypt/log:/var/log/letsencrypt \
  "$image"
```

To add a second domain, I updated:

```bash
domains="smokeping.my_personal_domain.com,pi-hole.my_personal_domain.com"
```

Even more strangely, when I remove all the letsencrypt data and run the same config I only get a certificate for the first domain.

```
Let's Encrypt, shall we?
-----------------------------------------------------------
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for smokeping.my_personal_domain.com and pi-hole.my_personal_domain.com
Waiting 10 seconds for DNS changes to propagate

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/smokeping.my_personal_domain.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/smokeping.my_personal_domain.com/privkey.pem
This certificate expires on 2025-08-08.
These files will be updated when the certificate renews.
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
```

I monitored Cloudflare and both domains had ACME challenge DNS entries.


henti commented May 10, 2025

I see now that certbot adds additional domains as "Subject Alternative Name" to the first. So this is actually working correctly.


henti commented May 10, 2025

Actually, this will also explain the first failure, since we need to update the certificate, and certbot needs to know how, hence the --expand comment. I'll create a PR to add support for this.

henti linked a pull request May 10, 2025 that will close this issue
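Both observations in this thread can be checked before certbot runs: a request that adds a name to an existing certificate needs `--expand`, and the added name ends up as a Subject Alternative Name on the first domain's certificate. The following is an added example, not code from this project or its pull request; the function names `normalize_names`, `names_absent`, `classify_request` and `san_names` are hypothetical, and `san_names` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: not part of the image's entrypoint or of certbot itself.

# "a, B ,c" -> lowercase, de-duplicated names, one per line.
normalize_names() {
    printf '%s\n' "$1" | tr ',' '\n' | tr -d ' \t' | tr 'A-Z' 'a-z' | sed '/^$/d' | sort -u
}

# Print the names from list $1 that do not appear in list $2 (newline-separated).
# Reads line by line so a wildcard such as *.example.com is never glob-expanded.
names_absent() {
    printf '%s\n' "$1" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        printf '%s\n' "$2" | grep -Fqx -- "$name" || printf '%s\n' "$name"
    done
}

# classify_request EXISTING REQUESTED (both comma-separated) prints one of:
#   new      no existing certificate names
#   same     identical name sets, a plain renewal
#   expand   existing names are a strict subset of the request (certbot --expand)
#   mismatch the request drops a name, which --expand does not cover
classify_request() {
    existing=$(normalize_names "$1")
    requested=$(normalize_names "$2")
    if [ -z "$existing" ]; then echo new; return 0; fi
    dropped=$(names_absent "$existing" "$requested")
    added=$(names_absent "$requested" "$existing")
    if [ -n "$dropped" ]; then echo mismatch
    elif [ -n "$added" ]; then echo expand
    else echo same
    fi
}

# DNS names on a certificate, comma-separated (assumes OpenSSL 1.1.1+ for -ext).
san_names() {
    openssl x509 -noout -ext subjectAltName -in "$1" |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | paste -sd, -
}

# Constructed input: the two CERTBOT_DOMAINS values from the issue.
old="smokeping.my_personal_domain.com"
new="smokeping.my_personal_domain.com,pi-hole.my_personal_domain.com"
echo "change is: $(classify_request "$old" "$new")"
# Against a real lineage: classify_request "$(san_names /path/to/fullchain.pem)" "$new"
```

Running `san_names` on the `fullchain.pem` under the first domain's `live/` directory lists every name the certificate covers, which is how to confirm that the second domain was issued even though no directory carries its name.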