Domain.dom-001? Renew with new certs?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: gibhenry.com

I ran this command: sudo certbot certificates

It produced this output:
Found the following certs:
Certificate Name: gibhenry.com-0001
Domains: gibhenry.com
Expiry Date: 2020-07-04 18:46:28+00:00 (VALID: 24 days)
Certificate Path: /etc/letsencrypt/live/gibhenry.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/gibhenry.com-0001/privkey.pem
Certificate Name: gibhenry.com
Domains: gibhenry.com www.gibhenry.com
Expiry Date: 2020-07-03 22:46:25+00:00 (VALID: 24 days)
Certificate Path: /etc/letsencrypt/live/gibhenry.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/gibhenry.com/privkey.pem

My web server is (include version): Apache/2.4.41 (Unix)

The operating system my web server runs on is (include version): MacOS 10.15 Catalina

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.3.0

Questions:
First of all, thank you in advance!

  1. I don’t think I need two certificates; evidently I tried twice. Can I safely eliminate the one for “gibhenry.com-001”? If so, how?
  2. My certificate expires in about a month. I would like to have certs for several subdomains. If I wait until a few days before, can I user certbot to get new certificates for all the subdomains, including this one, in one fell swoop, instead of renewing this one and separately getting new ones? (I’d like to keep them all renewing at the same time!). If so, how?
1 Like

You can see which certs you have and the domains they cover with:
certbot certificates
[one has one name and the other has two names]

You can compare that output to the files actually being used in your web config.

That depends.
If the one you want to delete is not in use, then no problem; use:
cerbot delete --cert-name {actual-cert-name-here}
[you can confirm the cert name from the output of certbot certificates]
If the one you want to delete is in use, then you need to stop using it before you delete it.

1 Like

Thanks again! I was initially concerned because the -001 certificate was newer; however, I finally got up my courage and deleted the extra certificate, with no ill effect.

2 Likes