How to change subdomains when renewing a certificate

Hi there. I have a certificate issued for our domain, including several subdomains. E.g., example.com + www.example.com + sub1.example.com + sub1.example.com + sub2.example.com. These have been installed and worked properly. Now it’s close to renewal time.

However, a while ago we changed the hosting for parts of our site, and now the root and www domains are hosted elsewhere, without HTTPS. I’ve went twice through the docs, and I’m still not sure but if I understand correctly we can’t renew the certificate as-is, since we don’t control the root and www domains anymore. Am I right about this?

Is it possible to adjust the certificate to cover only the sub.example.com subdomains, and remove the www and root domain? If not, how can I fix this otherwise? Do I need to create a new certificate from scratch?

You don’t even have SSH or SFTP access to the newly hosted root and www domains?

I think you’ll have to create a new certificate if the above doesn’t apply. If it does, you might use --manual and put the challenges into the /.well-known/acme-challenge/ dir via SSH or SFTP.

Renewing the certificate will renew it as was configured, with all the names. If you don’t have control over some of those anymore, you’ll just want to request a new certificate with the names you need on it.