I recently registered a new domain that I’d like to add as an alias to my website. I’ve added the new domain to my project but I’m a little confused as to how to configure it as an alias.
I added a CNAME record for the new domain that points to the current domain, as per this article. However, when I access the new domain, my browser returns an “ERR_CERT_COMMON_NAME_INVALID” error. I assume this means that a valid SSL certificate needs to be added for the new domain.
Does this mean that I need to add a Let’s Encrypt SSL certificate for the new domain, like I did for the old one when I created the site? Or do I replace the site’s existing Let’s Encrypt certificate with a brand new one that includes both domains?
FWIW, my droplet is running Ubuntu 20.04 and uses Apache.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Accepted Answer
Hi there!
Let’s start by identifying the root cause. The ERR_CERT_COMMON_NAME_INVALID error indicates a mismatch between your SSL certificate and the new domain. It’s essential to ensure that your SSL certificate acknowledges your new domain, similar to adding an authorized guest to an exclusive list.
Configuring Apache for the New Domain Alias: Now, let’s focus on updating your Apache configuration to recognize the new domain:
-
Access your Apache virtual host configuration file, typically located at
/etc/apache2/sites-available/your-config-file.conf. -
Within this file, locate the
ServerNamedirective, which specifies your primary domain. Directly beneath it, insertServerAlias your-new-domain.com. This directive instructs Apache to treat requests for your new domain as if they were for the primary domain. -
Save your modifications and exit the editor. This step integrates your new domain into the Apache configuration.
Testing Configuration and Restarting Apache: It’s crucial to validate the changes and ensure Apache is running smoothly:
-
Execute
sudo apache2ctl configtest. This command performs a syntax check of your Apache configuration files. A “Syntax OK” message indicates that the configuration is error-free. -
Provided the configuration test passes, proceed to restart Apache using
sudo systemctl restart apache2. This action applies the new configuration settings.
Expanding the SSL Certificate with Certbot: The final step involves updating your SSL certificate to include the new domain:
-
Run the command
sudo certbot --expand -d existingdomain.com -d newdomain.com. This instructs Certbot to update your existing SSL certificate to cover the new domain. -
Follow the on-screen prompts provided by Certbot to complete the process.
-
Upon completion, your SSL certificate should now encompass your new domain, ensuring secure connections.
Let me know how it goes!
Best,
Bobby
Heya,
Here’s what you need to do:
-
Update SSL Certificate for Both Domains: You don’t necessarily need to replace your existing SSL certificate; you can update it to include the new domain. This process involves generating a new certificate that covers both your original domain and the new alias.
-
Using Let’s Encrypt for Multiple Domains: Since you’re already using Let’s Encrypt, you can use it to generate a certificate that covers both domains. This is done using the
certbotcommand with both domains specified.
Here’s a step-by-step guide:
Step 1: Update Apache Configuration
- Ensure that your Apache configuration for the site includes the new domain as a ServerAlias.
- For example, in your site’s configuration file (
/etc/apache2/sites-available/your-site.conf), add:
ServerAlias newdomain.com
Step 2: Generate a New SSL Certificate
- Run Certbot with both domains specified. The command would look something like this:
sudo certbot --apache -d existingdomain.com -d newdomain.com
- This command tells Certbot to obtain a certificate that covers both your original domain and the new one.
- Follow the prompts to complete the process.
Step 3: Verify Apache Configuration
- After obtaining the certificate, Certbot usually updates the Apache configuration automatically. However, it’s good practice to check.
- Ensure the SSLCertificateFile and SSLCertificateKeyFile directives in your Apache configuration are pointing to the new certificate files.
Step 4: Restart Apache
- Once everything is set up, restart Apache to apply the changes:
sudo systemctl restart apache2
Step 5: Test Your Configuration
- After restarting Apache, test both the original and new domains in your web browser to ensure they are serving over HTTPS without errors.
- You can also use an SSL checker online to verify that both domains are covered by the SSL certificate.
Remember, every time you renew your SSL certificate with Let’s Encrypt, both domains will be included. It’s essential to keep your SSL certificates up to date to avoid any security warnings or accessibility issues with your site.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.