Some times ago, we requested and obtained a multi-domain certificates, only to ‘patch’ a multiple expired certificates problem.
Actually, I need to ask to LE a new cert only for ONE of these sites.
/usr/local/bin/certbot-auto certonly --apache -d mydomain.ext
Then I choose to
Renew & replace the cert (limit ~5 per 7 days)
All was ok, I restarted apache and tested via sslab service, but I see all the old domains listed as alternative names. The main problem is that the ‘main’ domain of the cert is still NOT the one i specified but the first of the old list.
In short: how can I completely remove one or more domains from an old certificate?
And: why replacing the cert is still using the old list instead of being applied only to the domain I specified?