How to remove domain from certificate

Hi,

I have a certificate that looks like this:

Certificate Name: www.domain.com
Serial Number: 589g4894h8gh8945h984h8hr
Key Type: RSA
Domains: domain1.com domain2.com domain3.com domain4.com domain5.com domain6.com domain7.com domain8.com
Expiry Date: 2023-10-22 15:51:58+00:00 (VALID: 65 days)
Certificate Path: /etc/letsencrypt/live/xxx/fullchain.pem
Private Key Path: /etc/letsencrypt/live/xxx/privkey.pem

I want to remove domain3.com and domain7.com from the certificate, as they no longer exist and therefore caused some trouble with the renewal last month. How can I do that?

I read on another forum that it will automatically resolve itself on the next renewal if I remove the domains from the vhost file in Apache. Is that correct?

Thanks.


My web server is (include version): Apache/2.4.56

The operating system my web server runs on is (include version): Debian GNU/Linux 11.7 (bullseye)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0

1 Like

Hi @chrisaso, and welcome to the LE community forum 🙂

From the User Guide:
User Guide — Certbot 2.6.0 documentation (eff-certbot.readthedocs.io)
I'd try using the "--allow-subset-of-names" option.

5 Likes

No, it's not. Where did you read that?

You should make sure that the other domains you want to keep are actually fully functional. If by any chance a domain you want to keep also fails for some reason, it'll be removed from the certificate too. You can test this using the staging environment of course. If you want to be sure, once the staging environment works, you can use the production environment once without --allow-subset-of-names so the authorizations of the functional domains you want to keep are valid (and cached) and afterwards renew with --allow-subset-of-names.

Alternatively you can use the initial command you used to get the certificate to begin with, but now with only the domains you want to keep in the -d option(s). You probably want to use --cert-name to specify the current certificate's name to make sure you don't end up with 2 separate certs.

Unfortunately after years and years of asking for this feature, Certbot still doesn't have a simple "add and/or remove domains" feature........... A fairly basic and IMO mandatory function for an ACME client.....

4 Likes
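The re-issue approach from the last reply (only the names to keep in -d, pinned to the existing lineage with --cert-name), as an added example that is not part of the thread. The certificate name and domains are the ones from the question; the `--apache` authenticator stands in for whatever options the original command used and is an assumption, as are the helper names `keep_list` and `reissue_cmd`.

```shell
#!/bin/sh
# Added example: build (not run) a certbot command that re-issues an existing
# certificate with a reduced set of names.
set -f  # no globbing, so a wildcard name such as *.example.com is not expanded

CERT_NAME="www.domain.com"   # "Certificate Name" from `certbot certificates`
CURRENT="domain1.com domain2.com domain3.com domain4.com domain5.com domain6.com domain7.com domain8.com"
REMOVE="domain3.com domain7.com"
ORIG_OPTS="--apache"         # assumption: options of the original issuance command

# keep_list CURRENT REMOVE -> comma-separated names to keep.
# Fails if a name to remove is not on the certificate (likely a typo),
# or if no name would be left.
keep_list() {
    current=$1; remove=$2; keep=""
    for r in $remove; do
        case " $current " in
            *" $r "*) ;;
            *) echo "not on certificate: $r" >&2; return 1 ;;
        esac
    done
    for d in $current; do
        case " $remove " in
            *" $d "*) ;;                      # dropped
            *) keep="${keep:+$keep,}$d" ;;    # kept, original order preserved
        esac
    done
    [ -n "$keep" ] || { echo "no names left" >&2; return 1; }
    printf '%s\n' "$keep"
}

# reissue_cmd CERT_NAME KEEP -> command line to review before running.
# --dry-run validates against the staging environment and saves nothing.
reissue_cmd() {
    printf 'certbot certonly %s --cert-name %s -d %s --dry-run\n' "$ORIG_OPTS" "$1" "$2"
}

if keep=$(keep_list "$CURRENT" "$REMOVE"); then
    reissue_cmd "$CERT_NAME" "$keep"
fi
```

Once the dry run succeeds, run the printed command without `--dry-run`, then confirm the Domains line with `certbot certificates`.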
