Changing the list of domains of a certificate

Say I have a certificate with a main domain name example.com and several additional domain names. This certificate is installed under /etc/letsencrypt/archive/example.com. Now I want to obtain a new certificate with the same main domain name (example.com), but a different list of additional domain names. For extending the list of domain names, certbot has the --expand option, but what if I also want to remove additional domain names?

For removal, as far as I am aware, you’d basically need to treat it as a different certificate lineage. Just request a new certificate with the domain list you want. If the first domain already has a directory in the letsencrypt area, you’ll find a new directory named something like example.com-0001. If you want to keep things clean and don’t intend to continue using the already-issued certificate, you can clean out all references in the /etc/letsencrypt directory structure. Make sure to make a backup if you do that.

Thank you for this information. I think this is clear now.

This will be different in a forthcoming release of Certbot. @erica has implemented some new certificate management functionality which provides a way to remove names as well as adding them. We’ll also update the documentation to reflect the new features.

1 Like

Great! When will this new version of Certbot be released?

Probably later this week.

Great! Then I think I will wait with my certificate change until this new release.

I guess, certbot-auto will automatically update to this newer version. Is this correct?

Have these changes to Certbot been made in the meantime? Apparently, the section “Re-running Certbot” of the Certbot User Guide does not mention any way to remove domain names.

Hi @jeltsch, the new features did go in and so if you’re using certbot-auto you probably already have them. I will check about the documentation updates.

The new functionality is based on --cert-name as a way to refer to a specific existing certificate, removing ambiguity about whether your a list of domains is meant to specify a certificate or to update a certificate.

I learned that a documentation update is in progress at

Maybe looking at that will explain the details that you need even before it appears in the regular public documentation.

Yes, this helped. I was able to renew my certificate with a different set of domains. Thanks a lot.

Great, I’m glad that worked! This should be visible in the regular documentation for everybody soon.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.