How to remove a domain from a multiple-domain certificate?

Some times ago, we requested and obtained a multi-domain certificates, only to ‘patch’ a multiple expired certificates problem.

Actually, I need to ask to LE a new cert only for ONE of these sites.

I used

/usr/local/bin/certbot-auto certonly --apache -d mydomain.ext

Then I choose to Renew & replace the cert (limit ~5 per 7 days)

All was ok, I restarted apache and tested via sslab service, but I see all the old domains listed as alternative names. The main problem is that the ‘main’ domain of the cert is still NOT the one i specified but the first of the old list.

In short: how can I completely remove one or more domains from an old certificate?
And: why replacing the cert is still using the old list instead of being applied only to the domain I specified?

Sorry, false alarm.

I didn’t notice that new certificate was created in a different folder

Fixed, can close topic

For future reference, to save it in the same folder, you can use Certbot’s --cert-name argument.

For example, if you ran

sudo /usr/local/bin/certbot-auto --apache -d example.com -d www.example.com -d example.net -d www.example.net

to create a certificate and save it in /etc/letsencrypt/live/example.com/, you can use

sudo /usr/local/bin/certbot-auto --apache --cert-name example.com -d example.com -d www.example.com

to issue a new certificate that doesn’t include example.net or www.example.net and also save it in /etc/letsencrypt/live/example.com/. (You can even remove example.com.)

You can also use

sudo /usr/local/bin/certbot-auto delete --cert-name example.com

to completely delete a certificate – which will break Apache if Apache is still configured to use it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.