My domain is: examplel.com and xxx.example.com
I ran this command: ./certbot-auto renew --dry-run
It produced this output: Encountered vhost ambiguity but unable to ask for user guidance in non-interactive mode. Currently Certbot needs each vhost to be in its own conf file, and may need vhosts to be explicitly labelled with ServerName or ServerAlias directories. Falling back to default vhost *:443…
My operating system is (include version): Ubu14.04
My web server is (include version): Apache 2.4
My hosting provider, if applicable, is: It’s a VPS
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
Question:
Both domains example.com and xxx.exapmple.com domain running well with letsencrypt. But now we’ve disabled and deleted the subdomain xxx.example.com. the vhost-file is not available any more. With /certbot-auto renew --dry-run I get a Warning "Encountered vhost ambiguity but unable to ask for user guidance in non-interactive mode. Currently Certbot needs each vhost to be in its own conf file, and may need vhosts to be explicitly labelled with ServerName or ServerAlias directories. Falling back to default vhost *:443…"
How can I delete properly xxx.exapmple.com from the letsencrypt-config?
Just a quick thought, with little research on my end. The answer might be to get a new cert, rather than renewal, that does not include xxx.example.com. I am very new to Let’s Encrypt, and still in the experiment stage with it, and have my certs with multiple domains, and subdomains on them, and have wondered if it’s better to get one cert for each sub, or keep it a bulk certs. No conclusion yet, but you case suggests that single name certs might be a better choice (as long as the number of certs fits within the limits set by the service.) Hope you find an solution to your situation. Luck.
@Paul2, this is a known limitation in the Certbot client and is being worked on right now. A future version of Certbot will make this easier. Right now the best workaround is probably to remove the affected certificate entirely (all references to it in /etc/letsencrypt/live, /etc/letsencrypt/archive, and /etc/letsencrypt/renewal, and all references to it in your web server configuration) and generate a new certificate. We know that an easier way to remove a name upon renewal is an important feature for a lot of our users.
Problem ist solved, I’ve deltete the files for the subdomain in /etc/letsencrypt/live, /etc/letsencrypt/archive, and /etc/letsencrypt/renewal and as well the DNS A record for the subdomain and at the next day no errors. anymore. Thnx