
Renew a certificate for multiple domains

Laurens Blanckenborg edited this page Apr 16, 2017 · 8 revisions

This scenario describes step-by-step how to renew the certificate for the following domains:
example.com, www.example.com, admin.example.com and www.admin.example.com.

Requirements:

  • PJAC

As in scenario 1, PJAC is executed on the same machine as the webserver that serves the domains. Again, we use HTTP01 authentication in this scenario. The webserver is configured to serve content over HTTP (port 80) for all of the above-mentioned domains from a single document root, /var/www/.

The files and subdirectories in /etc/pjac/ that were created in scenario 1 are still there. The certificates were generated ten weeks ago, so the authorizations for the domains will have expired.


  1. Request new challenges and download them:

    java -jar acme_client.jar --command authorize-domains -a /etc/pjac/account.key \
      -w /etc/pjac/workdir/ -d example.com -d www.example.com -d admin.example.com \
      -d www.admin.example.com --well-known-dir /var/www/.well-known/acme-challenge/ \
      --one-dir-for-well-known --with-agreement-update
    

    For each domain name a new challenge file is downloaded and saved to the directory /var/www/.well-known/acme-challenge.

  2. Verify the challenges:

    java -jar acme_client.jar --command verify-domains -a /etc/pjac/account.key \
      -w /etc/pjac/workdir/ -d example.com -d www.example.com -d admin.example.com \
      -d www.admin.example.com
    

    The domains are now authorized again.

  3. Renew certificate:

    java -jar acme_client.jar --command renew-certificate -a /etc/pjac/account.key \
      -w /etc/pjac/workdir/ --cert-dir /etc/pjac/certdir/ \
      --csr /etc/pjac/example.com.csr
    
  4. Done. The following files in the directory /etc/pjac/certdir/ should be renewed:
    cert.pem,
    chain.pem and
    fullchain.pem
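
To confirm that step 4 really produced a renewed certificate covering all four domains, the following check can be run afterwards. It is an added example, not part of PJAC or the original page; it assumes the `openssl` command-line tool is installed, and the function names and the 60-day threshold are choices made for this example.

```shell
#!/bin/sh
# Added example (not part of PJAC): post-renewal sanity check using openssl.

# check_renewed_cert CERT_FILE MIN_DAYS DOMAIN...
# Returns 0 if the first certificate in CERT_FILE stays valid for at least
# MIN_DAYS more days and lists every DOMAIN as a DNS subjectAltName.
check_renewed_cert() {
    cert=$1; min_days=$2; shift 2

    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    # A certificate that was not replaced (issued ten weeks ago) fails here.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "$cert expires within $min_days days (not renewed?)" >&2
        return 1
    fi

    # Extract the SAN list, one entry per line, e.g. "DNS:example.com".
    sans=$(openssl x509 -in "$cert" -noout -text |
           grep -A1 'Subject Alternative Name' | tail -n 1 |
           tr ',' '\n' | sed 's/^ *//; s/ *$//')

    for d in "$@"; do
        # -x -F: the whole line must match literally, so "example.com"
        # is not satisfied by "www.example.com".
        if ! printf '%s\n' "$sans" | grep -qxF "DNS:$d"; then
            echo "$cert is missing SAN $d" >&2
            return 1
        fi
    done
    return 0
}

# check_certdir DIR MIN_DAYS DOMAIN...
# Checks cert.pem and fullchain.pem, the two files whose first certificate
# is the leaf. chain.pem holds only CA certificates and is skipped.
check_certdir() {
    dir=$1; shift
    for f in cert.pem fullchain.pem; do
        check_renewed_cert "$dir/$f" "$@" || return 1
    done
}

# Example call for this scenario:
#   check_certdir /etc/pjac/certdir 60 example.com www.example.com \
#       admin.example.com www.admin.example.com
```

A non-zero return with "expires within" means the old certificate is still in place; "missing SAN" means the CSR used for renewal did not contain that domain.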