Expand certificate but do not modify nginx config

Does anyone know how can I expand a domain certificate without letting certbot modifying nginx config file(s)?

I've run certbot --expand -d example.com -d host.example.com -d host2.example.com -d newhost1.example.com -d newhost2.example.com --allow-subset-of-names

While the previous command expanded the certificate as expected, it also modified nginx config files without asking or interacting.

I would like to know if there's an option I can add to the command to prevent it from modifying my nginx config files.

Thank you so much :slight_smile:


add certonly after certbot and before --expand


Maybe also include:
--cert-name "actual-cert-name"

Which you can find with:
certbot certificates



is the opposite of:

So, are you trying to do both? [add and remove names to a cert]


As I understand, --expand let me add new domains to the existing certificates and --allow-subset-of-names let the command succeed and the certificate to be modified even if some of the exiting domains in the certificate are not acceessible through HTTP.

--allow-subset-of-names When performing domain validation, do not consider it a failure if authorizations can not be obtained for a strict subset of the requested domains. This may be useful for allowing renewals for multiple domains to succeed even if some domains no longer point at this system.

I think you are misinterpreting the use.
If any domains are no longer accessible via HTTP, they will fail HTTP authentication.
When they fail HTTP authentication AND --allow-subset-of-names is being used, such names will be REMOVED from the resulting certificate - allowing the certificate to complete (without failed names).
[perhaps better understanding the word "subset" would be useful]

The only case where the names that would fail could still be included is if the renewal is within 30 days of a previous authentication for such names and it they would be cached by LE and not even tested.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.