This is another note to self, I must have done this 20 or 30 times over the years but I can never remember exactly how.
The easiest way I've found to add subject alternate names to certificate requests is to add two lines at the end of
Then when creating a CSR simply include
openssl req -out CSR.csr -new -newkey rsa:4096 -nodes -keyout privateKey.key -reqexts SAN
openssl req -out CSR.csr -key my-existing-key.example.com.key -new -sha256 -reqexts SAN
It's that simple.