This is a simple one, but I've found myself in a scenario where I had not worked with certbot before and had to add multiple DNS entries to a cert.

It is usually good practice to first check which certificates certbot manages on the server:

certbot certificates

Another really nice feature of certbot is --dry-run, which performs a test run and reports any misconfigurations before a real certificate is requested.

Running a certificate renewal with multiple DNS entries is done with:

certbot certonly --cert-name <CERT-NAME> --expand --dry-run --domains <MAIN_DOMAIN>,<OTHER_DOMAIN>,<NEW_DOMAIN>

If the above --dry-run comes back with no errors, remove --dry-run and rerun the same command to renew the certificate.

The best way to check the resulting certificate is with:

openssl x509 -noout -text -in <PATH-TO-CERT>
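
Reading the full -text output by eye makes it easy to miss a name that did not make it into the certificate. The script below is an added example (not part of the original post, and not certbot's own code) that pulls the DNS entries out of the same openssl output and reports any expected domain that is absent; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the DNS names in a certificate's Subject
# Alternative Name extension with the list given to certbot --domains.

# san_names: read `openssl x509 -noout -text` output on stdin and print
# one DNS SAN per line, lowercased and de-duplicated.
san_names() {
    grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2 | tr 'A-Z' 'a-z' | sort -u
}

# missing_domains <comma-separated expected names>
# Reads openssl text output on stdin and prints every expected name that
# is not present as an exact SAN entry (a wildcard such as *.example.com
# is compared literally, the same way it is passed to --domains).
missing_domains() {
    sans=$(san_names)
    printf '%s\n' "$1" | tr ',' '\n' | tr 'A-Z' 'a-z' | while read -r d; do
        [ -n "$d" ] || continue
        printf '%s\n' "$sans" | grep -Fxq -- "$d" || printf '%s\n' "$d"
    done
}

# check_cert <path-to-cert> <comma-separated expected names>
# Returns 0 if every name is in the certificate, 1 if any is missing,
# 2 if openssl could not read the file.
check_cert() {
    out=$(openssl x509 -noout -text -in "$1") || return 2
    missing=$(printf '%s\n' "$out" | missing_domains "$2")
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing" | sed 's/^/missing from certificate: /' >&2
        return 1
    fi
    return 0
}

# Constructed sample of the relevant part of the openssl -text output,
# so the parsing can be tried without a real certificate.
SAMPLE_TEXT='            X509v3 Subject Alternative Name:
                DNS:example.com, DNS:www.example.com'
```

After sourcing the file, call check_cert with the certificate path and the same comma-separated list that was passed to --domains; a non-zero exit status means the expansion did not produce the certificate you expected.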