Deleting a single domain into a single cert

Hi Friends,
I would like to remove a single domain contained in a aggregate certificate.
In my case, I’ve a single certificate, that contains all server domains.
I’m not able to find the correct way on the user guide.

Using “certbot certificates” I can view all domain name and the single certificate name.
But I cannot find the right way to remove/delete a single domain.

Please, could you suggest the correct way before I make disasters? :smiley:

Many thanks!


See documentation on “changing a certificate’s domains”:

You just have to reissue it without specifying the to-be-deleted domain name.


In this case it’s important to use --cert-name to specify which certificate you want to reissue. If you go through the process again without specifying the --cert-name, you’ll get a new somecertificate-0001 in parallel to your old certificate, which can be a huge source of confusion!

Ah, very useful!
…and can I run the reissue command before the natural expiration of the certificate?

Many many thanks to all!

Yes. If it is reluctant (which shouldn’t be the case if the list of domains is different in any way from the original one!), you can use --force-renewal.

Perfect, I’ve used:

certbot certonly --cert-name --webroot -w /var/www/letsencrypt --expand -d -d -d ..

omitting the domain to remove, and all was done perfectly.

Only one warning:

Unable to clean up challenge directory /var/www/letsencrypt/.well-known/acme-challenge

Why this warning?

I’ve been seen the directory owner, and the


owner and group are “root”.
Is this correct or shoud it be “www-data”?

thanks again!

I think that often means that you have an old challenge file there, perhaps from a time when Certbot has crashed, or if you manually made a test file. It shouldn’t really harm anything.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.