lonix1
1
I had a valid cert. I changed it: I added a subdomain, and removed an old subdomain. No errors.
But now I have two certs: example.com
and example.com-001
. And my reverse-proxy/webserver (nginx) still uses the old one.
So:
- Is it safe to delete the old one? (
example.com
)
- Then is is safe to rename the new one from
example.com-001
to example.com
so my existing renewal scripts don’t break?
Or, is it better to delete all certs, and re-issue from scratch? (I won’t hit the limit for this week.)
Hi @lonix1
then change your config so your server uses the new. Then restart, then delete the old certificate via
certbot delete [certificate-name]
1 Like
lonix1
3
Thanks Juergen.
Is it possible to rename a cert, or will I break everything if I do that? I’ll make a backup first.
9peppe
4
it’s unadvisable, and doesn’t really matter. (you can definitely try)
I don't know.
You can use --cert-name
. Manual deleting or renaming things is always bad.
https://certbot.eff.org/docs/using.html
1 Like
There isn't a command to do it. It's possible to do it manually, but it's very easy to break everything.
(Critically, if you don't fix the symlinks, Certbot may renew your certificate every day while failing to save the files properly.)
1 Like
lonix1
7
For anyone with the same problem, I ended up doing something based on @JuergenAuer’s advice:
- I made a backup of everything first!
- I removed the new cert:
certbot delete example.com-0001
- I updated the old cert:
certbot --cert-name example.com --force-renewal ...
That forced it to use the old cert instead of creating a new one.
So now everything works without making changes to nginx, or my renewal scripts etc.
WARNING: make sure you have enough transactions left for the current week!
system
Closed
8
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.