Expand certificate but do not modify nginx config

Does anyone know how I can expand a domain certificate without letting certbot modify the nginx config file(s)?

I've run certbot --expand -d example.com -d host.example.com -d host2.example.com -d newhost1.example.com -d newhost2.example.com --allow-subset-of-names

While the previous command expanded the certificate as expected, it also modified nginx config files without asking or interacting.

I would like to know if there's an option I can add to the command to prevent it from modifying my nginx config files.

Thank you so much :slight_smile:

2 Likes

add certonly after certbot and before --expand

2 Likes

Maybe also include:
--cert-name "actual-cert-name"

Which you can find with:
certbot certificates

2 Likes

Also:

is the opposite of:

So, are you trying to do both? [add and remove names to a cert]

2 Likes

As I understand, --expand lets me add new domains to the existing certificates and --allow-subset-of-names lets the command succeed and the certificate be modified even if some of the existing domains in the certificate are not accessible through HTTP.

--allow-subset-of-names When performing domain validation, do not consider it a failure if authorizations can not be obtained for a strict subset of the requested domains. This may be useful for allowing renewals for multiple domains to succeed even if some domains no longer point at this system.

I think you are misinterpreting the use.
If any domains are no longer accessible via HTTP, they will fail HTTP authentication.
When they fail HTTP authentication AND --allow-subset-of-names is being used, such names will be REMOVED from the resulting certificate - allowing the certificate to complete (without failed names).
[perhaps better understanding the word "subset" would be useful]

The only case where the names that would fail could still be included is if the renewal is within 30 days of a previous authentication for such names, as they would be cached by LE and not even tested.

3 Likes
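Because --allow-subset-of-names drops any name that fails validation without failing the run, a practical follow-up to the `certbot certonly --cert-name ... --expand ... --allow-subset-of-names` command recommended above is to check which of the requested names actually ended up in the issued certificate. The script below is an added example, not code from this thread or from certbot: it reads the DNS SANs out of a PEM certificate with openssl and lists the requested names that are missing. The sample certificate it builds is a constructed self-signed stand-in for certbot's output; the path /etc/letsencrypt/live/<cert-name>/cert.pem in the usage comment is certbot's standard lineage location.

```shell
#!/bin/sh
# Added example (not from the thread): after
#   certbot certonly --cert-name <name> --expand -d ... --allow-subset-of-names
# names that failed validation are silently left out of the new certificate,
# so compare the names you asked for against the SANs actually present.
set -eu

# Print the DNS names in a certificate's subjectAltName, one per line.
# Uses the -text output so it works with older openssl releases too.
cert_dns_names() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' \
        | sed -n 's/.*DNS:\([^ ]*\).*/\1/p'
}

# Print each requested name that is NOT in the certificate.
# Returns 0 when every name is covered, 1 when at least one is missing.
missing_names() {
    cert="$1"; shift
    present=$(cert_dns_names "$cert")
    rc=0
    for name in "$@"; do
        if ! printf '%s\n' "$present" | grep -qxF "$name"; then
            echo "$name"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a self-signed certificate standing in for certbot's
# output, covering only three of the five names from the original command.
make_sample_cert() {
    dir="$1"
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" -days 1 \
        -subj '/CN=example.com' \
        -addext 'subjectAltName=DNS:example.com,DNS:host.example.com,DNS:host2.example.com' \
        >/dev/null 2>&1
    echo "$dir/cert.pem"
}

# Real usage against a certbot lineage (cert-name from `certbot certificates`):
#   missing_names /etc/letsencrypt/live/<cert-name>/cert.pem \
#       example.com host.example.com host2.example.com \
#       newhost1.example.com newhost2.example.com
```

Running `missing_names` against the sample certificate prints newhost1.example.com and newhost2.example.com and exits non-zero, which is exactly the signal to look for in a renewal hook or cron job: a zero exit means the expansion covered every name, anything else means some names were dropped and need their HTTP validation fixed before the next attempt.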

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.