Certbot tries to renew deleted domains

Hello.

I have deleted test.mydomain.org.

certbot delete --cert-name test.mydomain.org.

But when I renew certs I get:

Performing the following challenges:
[...]
tls-sni-01 challenge for test.mydomain.org

Why? How do I remove my test subdomain from certbot?

Check certbot certificates.

Perhaps another certificate has the domain listed.

Ah yes, thank you. How do I delete a domain from a certificate?

Edit: I guess I just delete all certificates containing test.mydomain.org and recreate them?

Edit2: To avoid downtime, can I just move /etc/letsencrypt/live/something.mydomain.org to /etc/letsencrypt/live/something.mydomain.org-0123 and /etc/letsencrypt/renewal/something.mydomain.org to /etc/letsencrypt/renewal/something.mydomain.org-0123?

Hi @mogoh,

The recommended approach is to rerun certbot certonly with --cert-name something.mydomain.org and a -d option for each domain that you do want the certificate to cover. Then the certificate will be replaced with a new version covering only those names.

This is not advisable. People have caused very confusing errors in Certbot by trying to reorganize the directory structure this way.

1 Like
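
The check and the reissue described in the replies above, as an added example that is not part of the original thread or Certbot's own code: it reads `certbot certificates` output and prints, for each certificate that still lists the unwanted name, the `certbot certonly --cert-name ... -d ...` command that replaces it, or `certbot delete --cert-name` when no other name would remain. Assumptions: the `Certificate Name:` / `Domains:` line layout of the listing, the constructed sample (including `other.mydomain.org` and the expiry date), and the hypothetical function names `plan_removal` and `sample_output`.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `certbot certificates` output
# on stdin and prints one command per certificate that lists domain $1.
# Nothing is executed; review the printed commands before running them.
plan_removal() {
    awk -v drop="$1" '
        /Certificate Name:/ { name = $3 }      # remember the current lineage
        $1 == "Domains:" {
            keep = ""; found = 0
            for (i = 2; i <= NF; i++) {
                if ($i == drop) found = 1
                else keep = keep " -d " $i     # every name that should stay
            }
            if (!found) next                   # certificate is unaffected
            if (keep == "") {
                # The certificate covered only the dropped name.
                print "certbot delete --cert-name " name
            } else {
                print "certbot certonly --cert-name " name keep
            }
        }
    '
}

# Constructed sample, assuming the layout `certbot certificates` prints.
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: something.mydomain.org
    Domains: something.mydomain.org test.mydomain.org
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 60 days)
  Certificate Name: other.mydomain.org
    Domains: other.mydomain.org
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 60 days)
EOF
}

# On a real host: certbot certificates | plan_removal test.mydomain.org
sample_output | plan_removal test.mydomain.org
```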
