Is it possible to renew part of SSL certificates?

Is it possible to use certbot renew command to renew part of the SSL certificates?

The reason I want to do this is because some of the certificates on my server are for development environment, which may not need to be renewed anymore. And some of the certificates are for production environment.

Let’s say I have the following 3 domains which are used only in development environment.

www.foo.dev.tw
bar.dev.tw
abc.dev.tw

Each of the 3 domain has its corresponding SSL certificate. Quality assurance engineers will use these domains to test new features of the website of my company.

And the following 3 domains are used for production environment:

www.asdf.com.tw
www.qqq.com.tw
www.def.com.tw

The 3 production environment domains also have 3 corresponding certificates.

I’ve read the document here. But haven’t found any options that provide this feature.

I thought that maybe I can add a --pre-hook option that moves the development certificates to a temporary folder before renewing executing certbot renew. Then move them back to the original folder with the --post-hook option.

I’d like to know if there exist a more convenient way to renew only the production environment certificates.

Do you have a single SSL certificate for all your production and development environment domains ? Personally I’d separate out the production and development ones into different certificates.

See Changing a Certificate’s Domains as well - if that provides what you need. I don’t fully understand exactly what you are after, perhaps if you could explain with domain names.

Hi, I just updated my original post.

Every domain on my server has its own SSL certificate. I mean if I have 100 domains, then I’ll have 100 SSL certificates for them.

“certbot renew” will only renew certificates that are due for renewal - it won’t renew all of them ( unless they are all due for renewal).

If only one of your production SSL certificates is due for renewal, that “certbot renew” would only renew that one certificate.

For those development certificates that you no longer need, you can use the “delete” option to remove those so that renewals are no longer attempted for them.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.