How to remove domain from certificate


I have a certificate that looks like this:

Certificate Name:
Serial Number: 589g4894h8gh8945h984h8hr
Key Type: RSA
Expiry Date: 2023-10-22 15:51:58+00:00 (VALID: 65 days)
Certificate Path: /etc/letsencrypt/live/xxx/fullchain.pem
Private Key Path: /etc/letsencrypt/live/xxx/privkey.pem

I want to remove and from the certificate, as they no longer exist and therefore caused some trouble with the renewal last month. How can I do that?

I read on another forum that it will automatically resolve itself on the next renewal if I remove the domains from the vhost file in Apache. Is that correct?


My web server is (include version): Apache/2.4.56

The operating system my web server runs on is (include version): Debian GNU/Linux 11.7 (bullseye)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0


Hi @chrisaso, and welcome to the LE community forum.

The User Guide shows:
User Guide — Certbot 2.6.0 documentation
I'd try using the "--allow-subset-of-names" option:


No, it's not. Where did you read that?

You should make sure that the other domains you want to keep are actually fully functional. If by any chance a domain you want to keep also fails for some reason, it'll be removed from the certificate too. You can test this using the staging environment of course. If you want to be sure, once the staging environment works, you can use the production environment once without --allow-subset-of-names so the authorizations of the functional domains you want to keep are valid (and cached) and afterwards renew with --allow-subset-of-names.

Alternatively, you can use the initial command you used to get the certificate to begin with, but now with only the domains you want to keep in the -d option(s). You probably want to use --cert-name to specify the current certificate's name to make sure you don't end up with 2 separate certs.

Unfortunately after years and years of asking for this feature, Certbot still doesn't have a simple "add and/or remove domains" feature........... A fairly basic and IMO mandatory function for an ACME client.....
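
The re-issue approach described in the reply above (same certificate name, only the names to keep passed with -d), as an added example that is not part of the original thread. It reads a `certbot certificates` listing and prints the command instead of running it; the example.org names, the sample listing and the use of --apache are assumptions.

```shell
#!/bin/sh
# Added example: prints (never runs) the certbot command that re-issues one
# certificate without the names being retired. All names are constructed.
set -f  # domain names are data; never glob-expand something like *.example.org

# Constructed sample in the layout printed by `certbot certificates`.
SAMPLE_LISTING='Found the following certs:
  Certificate Name: example.org
    Serial Number: 0123456789abcdef
    Key Type: RSA
    Domains: example.org www.example.org old.example.org gone.example.org
    Expiry Date: 2023-10-22 15:51:58+00:00 (VALID: 65 days)'

# domains_of LISTING CERT_NAME: print the names currently on that certificate.
domains_of() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "Certificate" && $2 == "Name:" { current = $3 }
        $1 == "Domains:" && current == want {
            sub(/^[ \t]*Domains:[ \t]*/, ""); print; exit
        }'
}

# reissue_cmd LISTING CERT_NAME "NAMES TO DROP" [extra certbot arguments]
# Fails if the certificate is unknown, if a name to drop is not on it (likely
# a typo), or if no name would be left.
reissue_cmd() {
    listing=$1; cert=$2; drop=$3; shift 3
    current=$(domains_of "$listing" "$cert")
    [ -n "$current" ] || { echo "no certificate named $cert" >&2; return 1; }
    for d in $drop; do
        case " $current " in
            *" $d "*) ;;
            *) echo "$d is not on $cert" >&2; return 1 ;;
        esac
    done
    keep=
    for d in $current; do
        case " $drop " in
            *" $d "*) ;;
            *) keep="$keep -d '$d'" ;;
        esac
    done
    [ -n "$keep" ] || { echo "refusing to drop every name" >&2; return 1; }
    cmd="certbot certonly --cert-name $cert$keep"
    [ $# -eq 0 ] || cmd="$cmd $*"
    echo "$cmd"
}

# --apache stands in for whatever plugin the original command used (assumption);
# --dry-run rehearses against staging. Drop --dry-run once the rehearsal passes.
reissue_cmd "$SAMPLE_LISTING" example.org "old.example.org gone.example.org" \
    --apache --dry-run
```

On a real host, pass the output of `certbot certificates` as the first argument in place of the constructed listing.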

