I recently let one of my old domains, learn-to-fly.info, expire. My domains include: cfr.pub , *.ivo-welch.info, learn-to-fly.info . So, now certbot does not want to "renew", with messages like
Renewing an existing certificate for cfr.pub and 23 more domains
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Detail: DNS problem: SERVFAIL looking up A for learn-to-fly.info - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for learn-to-fly.info - the domain's nameservers may be malfunctioning
which is of course expected. it also prevents renewal of all the other domains. so, I ran
which tells me only cfr.pub of the first of about 20-25 domains. all the other ones that appear when I just type certbot do not show up. I probably just hosed everything with bad tinkering.
at this point, I am thinking that the smart thing would be to scratch whatever I have, and just start over. is there a list of recommended steps? I presume apt remove certbot would be a terrible idea, because there are still fragments in /etc/certbot, entries in the nginx config directory, etc. It would probably hose the hosed setup even further.
You could add this to the renew command for the cert name in question. The risk here is that some other active domain name fails for a transient reason and gets removed from the cert.
That said, this can do what you want
When performing domain validation, do not consider it a failure if authorizations can not be obtained for a strict subset of the requested domains. This may be useful for allowing renewals for multiple domains to succeed even if some domains no longer point at this system. This option cannot be used with --csr. (default: False)