I’m using domains from an alternate DNS root and Certbot breaks when I try to run it with those domains in the server files. Is there a way to list domains to be excluded each time I run Certbot?
Do you mean like .onion or .bit or .internal?
How does Certbot break?
If you know exactly which domains you want, you should be able to just do:
certbot --apache -d example.org -d www.example.org
and it won’t bother about any other domains.
Does the -d flag remove those domains? If so it will be easy to put them into a file.
I’m using OpenNIC domains.
-d specifies which domains you want to be included on a certificate.
Certbot shouldn’t be “breaking” when it encounters domains it can’t resolve. I’d like to see what the actual error/output is, so that we can differentiate between a validation error (i.e. CA thinks the DNS doesn’t resolve) or an actual error/bug (Certbot can’t parse webserver config).
The answer to your question relies on that.
It says there was an error because a name didn’t end in a public suffix. Specifying a list of domains with a file would also work.
Cool, that’s an expected CA error.
So using a bunch of -d is probably your best option.
Edit: I suggested --allow-subset-of-names but on second thought that probably won’t work, because the alternate root domains would be rejected at the new-order stage, not during validation. Sorry! Your use case is not that common I guess.
How are names being included?
How is that process including names you don’t want included?