Certbot - Remove one domain from a SAN cert (multiple domains)

I have a cert that won’t renew due to one of the domains having moved their web hosting and thus the DNS is no longer pointing to where it used to be. The error is:

Type: unauthorized
Detail: Invalid response from

which is causing a failure for the entire cert. What's the best way to either remove the problematic domain, or just recreate the cert? Thanks.

Hi @hal1

Starting a new chain is an option. There are also the flags below

--cert-name flag can also be used to modify the domains a certificate contains, by specifying new domains using the -d or --domains flag. If certificate example.com previously contained example.com and www.example.com, it can be modified to only contain example.com by specifying only example.com with the -d or --domains flag.

--allow-subset-of-names tells Certbot to continue with certificate generation if only some of the specified domain authorizations can be obtained. This may be useful if some domains specified in a certificate no longer point at this system.
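The --cert-name / -d approach described above, as an added example that is not part of the original posts: it reads the names on a lineage from `certbot certificates` output and builds the reissue command without the stale name. The function names and the sample output are constructed for illustration, and `--dry-run` is included so the reduced name set is tested before anything is replaced.

```shell
#!/usr/bin/env bash
# Added example; the `certbot certificates` output below is constructed.
sample_output() {
  cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com moved.example.net
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 30 days)
  Certificate Name: other.example.org
    Domains: other.example.org
EOF
}

# Read `certbot certificates` output on stdin; print the names on lineage $1.
cert_domains() {
  awk -v name="$1" '
    $1 == "Certificate" && $2 == "Name:" { current = $3 }
    $1 == "Domains:" && current == name {
      for (i = 2; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "\n")
      exit
    }'
}

# Print the certbot command that reissues lineage $1 (current names in $2)
# without the names passed as the remaining arguments. Fails if a name to
# drop is not on the certificate (likely a typo) or if no name would be left.
reissue_cmd() {
  local name="$1" current="$2" d drop args=""
  shift 2
  for drop in "$@"; do
    case " $current " in
      *" $drop "*) ;;
      *) echo "not on certificate: $drop" >&2; return 1 ;;
    esac
  done
  for d in $current; do
    case " $* " in
      *" $d "*) ;;               # name is being dropped
      *) args="$args -d $d" ;;   # name is kept
    esac
  done
  [ -n "$args" ] || { echo "no names left on certificate" >&2; return 1; }
  # Remove --dry-run once the test issuance succeeds.
  echo "certbot certonly --cert-name $name$args --dry-run"
}

# Demo on the constructed sample.
reissue_cmd example.com "$(sample_output | cert_domains example.com)" moved.example.net
```

On a real host, pipe `certbot certificates` into `cert_domains` instead of the sample, and add the authenticator options the certificate was first issued with (for example `--webroot`).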


Thank you! --allow-subset-of-names was exactly what I needed and had not seen it in the docs. Worked like a charm!

Wow, I have actually never heard of intentionally using --allow-subset-of-names to remove specific names from a cert, but that’s great if it works.

