How to prevent renewal for certain domains


#1

We are a small website/CMS platform. A single server running certbot hosts approx. 1000 certs for client websites which are not on the same server.

Cert renewals are automated via certbot.timer.

I would like to make sure that we are not attempting to renew certs for clients who have cancelled.

I do not want to remove or revoke the certs in case the cancellation is temporary.

Can I prevent renewal attempts for certain domains by removing domain.conf files from /etc/letsencrypt/renewal?

Or, what is the recommended way to prevent renewal attempts? Thanks!


#2

Hi @jbc

as I know: That should work.

Make a backup, then remove the config file. Perhaps remove symlinks you find in

/etc/letsencrypt/live

#3

If you’re running a recent enough version of Certbot, you can set autorenew = False in the [renewalparams] section of the file.