How to remove a domain from a multiple-domain certificate?

Some times ago, we requested and obtained a multi-domain certificates, only to ‘patch’ a multiple expired certificates problem.

Actually, I need to ask to LE a new cert only for ONE of these sites.

I used

/usr/local/bin/certbot-auto certonly --apache -d mydomain.ext

Then I choose to Renew & replace the cert (limit ~5 per 7 days)

All was ok, I restarted apache and tested via sslab service, but I see all the old domains listed as alternative names. The main problem is that the ‘main’ domain of the cert is still NOT the one i specified but the first of the old list.

In short: how can I completely remove one or more domains from an old certificate?
And: why replacing the cert is still using the old list instead of being applied only to the domain I specified?

1 Like

Sorry, false alarm.

I didn’t notice that new certificate was created in a different folder :slight_smile:

Fixed, can close topic

1 Like

For future reference, to save it in the same folder, you can use Certbot’s --cert-name argument.

For example, if you ran

sudo /usr/local/bin/certbot-auto --apache -d -d -d -d

to create a certificate and save it in /etc/letsencrypt/live/, you can use

sudo /usr/local/bin/certbot-auto --apache --cert-name -d -d

to issue a new certificate that doesn’t include or and also save it in /etc/letsencrypt/live/ (You can even remove

You can also use

sudo /usr/local/bin/certbot-auto delete --cert-name

to completely delete a certificate – which will break Apache if Apache is still configured to use it.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.