Just wondering.
In the automation of creating certs for 1000± domains I was using something like this:
/certbot-auto certonly --expand --webroot -w /data/www/letsencrypt/ $domains
which I’ve now replaced with:
./certbot-auto certonly -n --cert-name multi-san1.tld --webroot -w /data/www/letsencrypt/ $domains
With the added bonus that I can remove domains from certs while keeping the same lineage.
Do I have this correct that --expand is obsolete? Or am I missing something here?
--cert-name is a more general feature that can be used for more purposes and to exercise more precise control. It was added more recently as part of the “certificate management improvement project” in Certbot development in order to give people more control over their certificates. If you know the name of the specific certificate lineage you want to act on, --cert-name is preferable to --expand.
As you noticed, --cert-name is also the only way to remove domains from existing certificates with Certbot.
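With --cert-name the domain list on the command line becomes the lineage's full set of names, so an automation run can drop names as well as add them. The following is an added shell example (not from the original posts or from the Certbot project) that previews which names a new list would add or remove before the command is run. The sample `certbot certificates` output, its `Domains:` line format and the `.example` names are constructed assumptions.

```shell
#!/bin/sh
# Added example: preview what a new domain list does to a named lineage.
# It only prints a plan and a command line; it never runs certbot.
export LC_ALL=C   # keep sort and comm ordering consistent

# Constructed sample of `certbot certificates --cert-name multi-san1.tld` output.
SAMPLE_CERTS='Found the following certs:
  Certificate Name: multi-san1.tld
    Domains: a.example b.example c.example
    Expiry Date: (constructed)'

# Print the lineage's current names, one per line, sorted and unique.
current_domains() {
    printf '%s\n' "$1" | sed -n 's/^ *Domains: *//p' | tr ' ' '\n' | sed '/^$/d' | sort -u
}

# Normalize the desired list: lowercase, drop blanks, sort, de-duplicate.
desired_domains() {
    printf '%s\n' "$1" | tr ' ' '\n' | tr 'A-Z' 'a-z' | sed '/^$/d' | sort -u
}

# plan_change CERTS_OUTPUT "DOMAIN LIST"
# Prints "+ name" for names that would be added, "- name" for names dropped.
plan_change() {
    cur=$(mktemp); want=$(mktemp)
    current_domains "$1" > "$cur"
    desired_domains "$2" > "$want"
    comm -13 "$cur" "$want" | sed 's/^/+ /'
    comm -23 "$cur" "$want" | sed 's/^/- /'
    rm -f "$cur" "$want"
}

# build_cmd NAME WEBROOT "DOMAIN LIST"
# Prints the certbot command for the lineage without executing it.
build_cmd() {
    printf './certbot-auto certonly -n --cert-name %s --webroot -w %s' "$1" "$2"
    desired_domains "$3" | while read -r d; do printf ' -d %s' "$d"; done
    printf '\n'
}

# Desired list drops b.example and adds d.example (constructed input).
plan_change "$SAMPLE_CERTS" "a.example C.example d.example"
build_cmd multi-san1.tld /data/www/letsencrypt/ "a.example C.example d.example"
```

Reviewing the `-` lines before running the printed command catches a name that fell out of the input list by accident rather than by intent.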