How-to: completely automating certificate renewals on Debian

It sounds as if you have it set to use standalone mode.

@flummer, it’s true that the client has been changed to remove the domains line, but that’s because we thought it was unused (because the list of domains should indeed be taken from the subject alternative names of the previous certificate). Are you seeing this behavior when running a simple letsencrypt renew? What’s the specific error message that appears?

@schoen, when I run letsencrypt renew directly, it does a correct renewal of the certificates with the correct domains, the error was specific to the script by @acetylator, where letsencrypt complains since --domains is supplied, but without anything after that.

My post was primarily to help those that use the script from @acetylator above.

I don’t see it as an error in letsencrypt, and with the changes I made to the script, it seems to work as it should.

The only thing that was a little weird is that the list of domains seems to have been scrambled, so that it's not the primary domain that's the common name of the certificate, but one of the alternate names. I think I read something about that being a bug, and I guess it's either gonna fix itself or maybe I'll have to do a few tweaks down the road; at the moment it's not a problem for me.

@flummer, thanks for diagnosing this issue and providing a fix (I’m grateful to @acetylator and everyone at letsencrypt too).
For reference, here is the error message that the “v1.3” version of acetylator’s script provokes in version 0.7.0 of letsencrypt-auto:

“Requested domain is not a FQDN”.

(There are other issues that can cause the same error message.)

Thanks for the analysis and the fix.
As I did not like the awk black magic, I found this alternative with sed black magic :wink: :

openssl x509 -in ${CERT_FILE} -text | sed -n '/X509v3 Subject Alternative Name/ {n;p}' | cut -d ':' -f 2

Not sure which one is less readable than the other, but at least it's an alternative.


EDIT : this only works if the certificate is for a single SAN. See below

@jul, that won’t work very cleanly in that form if there is more than one SAN; you get something like example.com, DNS as output.

Maybe you would want something like

sed -n '/X509v3 Subject Alternative Name/ {n; s/^ *DNS://; s/, DNS:/\n/g; p}'

to get all of the names in the output.

Oops, thanks for checking; I forgot to mention that I only tested it for a single domain.


Hello @jul,

If you want you can use the grep and tr black magic :wink:

openssl x509 -in ${CERT_FILE} -text | grep 'DNS:' | tr -d ':SND ' | tr ',' '\n'

Cheers,
sahsanu

The tr -d ':SND' might not be correct for certificates in general because perhaps they can contain capital letters. (I don’t believe Let’s Encrypt would issue a certificate containing a capital letter in a subject name, but perhaps another CA might?)
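The one-liners above (the sed variant for multiple SANs and the grep/tr variant) each trip over one of the cases raised in this thread: more than one name, capital letters, or non-DNS entries such as IP addresses. The script below is an added example written for this editing pass; it is not code from any poster or from the letsencrypt client. It parses the text form that `openssl x509 -text` prints, keeping only `DNS:` entries, lower-casing them (DNS names are case-insensitive, which also sidesteps the capital-letter concern) and emitting one per line, plus a helper that joins them into the comma-separated value the `--domains` option in @acetylator's script expects. The sample certificate text is constructed for the example and is not a real certificate; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread or the letsencrypt client): extract the
# DNS names from the Subject Alternative Name extension of a certificate.
# Assumes the usual `openssl x509 -text` layout, where the SAN values are
# printed on the single line following the extension heading.

# Constructed sample of `openssl x509 -noout -text` output for the demo.
# Mixed case, a wildcard, an IP address and an email entry are included on
# purpose to exercise the edge cases discussed above.
SAMPLE_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:www.example.com, DNS:Example.COM, DNS:*.Staging.example.com, IP Address:192.0.2.1, email:admin@example.com
            X509v3 Basic Constraints:
                CA:FALSE'

# san_dns_names: read `openssl x509 -text` output on stdin and print one
# DNS name per line, lower-cased, in certificate order.
# Entries of other SAN types (IP Address, email, URI, ...) are dropped.
san_dns_names() {
  sed -n '/X509v3 Subject Alternative Name/{n;p}' \
  | tr ',' '\n' \
  | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*/\1/p' \
  | tr 'A-Z' 'a-z'
}

# domains_csv: join newline-separated names into "a,b,c" for --domains.
domains_csv() {
  tr '\n' ',' | sed 's/,$//'
}

# cert_dns_names FILE: same as san_dns_names, reading a PEM file from disk.
# Not exercised by the self-test because it needs openssl and a real cert.
cert_dns_names() {
  openssl x509 -in "$1" -noout -text | san_dns_names
}

# Self-demonstration on the constructed sample when run directly.
# Expected:  www.example.com / example.com / *.staging.example.com,
# then the same three names joined with commas.
demo_names() {
  printf '%s\n' "$SAMPLE_TEXT" | san_dns_names
}

demo_csv() {
  demo_names | domains_csv
}

if [ "$#" -gt 0 ]; then
  # Usage: ./san_names.sh /etc/letsencrypt/live/example.com/cert.pem
  cert_dns_names "$1"
else
  demo_names
  demo_csv
fi
```

Note that the script deliberately keeps the certificate's order rather than sorting, so the first name stays whatever the CA put first; if you want the common name listed first for `--domains`, read it separately with `openssl x509 -noout -subject` and move it to the front, since the thread already observes that the CN may not be the first SAN.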