How to handle example.com and example.com-001

I had a valid cert. I changed it: I added a subdomain, and removed an old subdomain. No errors.

But now I have two certs: example.com and example.com-001. And my reverse-proxy/webserver (nginx) still uses the old one.

So:

  • Is it safe to delete the old one? (example.com)
  • Then is is safe to rename the new one from example.com-001 to example.com so my existing renewal scripts don’t break?

Or, is it better to delete all certs, and re-issue from scratch? (I won’t hit the limit for this week.)

Hi @lonix1

then change your config so your server uses the new. Then restart, then delete the old certificate via

certbot delete [certificate-name]
1 Like

Thanks Juergen.
Is it possible to rename a cert, or will I break everything if I do that? I’ll make a backup first.

it’s unadvisable, and doesn’t really matter. (you can definitely try)

I don’t know.

You can use --cert-name. Manual deleting or renaming things is always bad.

1 Like

There isn’t a command to do it. It’s possible to do it manually, but it’s very easy to break everything.

(Critically, if you don’t fix the symlinks, Certbot may renew your certificate every day while failing to save the files properly.)

1 Like

For anyone with the same problem, I ended up doing something based on @JuergenAuer’s advice:

  • I made a backup of everything first! :wink:
  • I removed the new cert: certbot delete example.com-0001
  • I updated the old cert: certbot --cert-name example.com --force-renewal ...

That forced it to use the old cert instead of creating a new one.

So now everything works without making changes to nginx, or my renewal scripts etc.

WARNING: make sure you have enough transactions left for the current week!