My domain is: vm4.convergent-ict.com (this is actually the host server name - it is a virtual server hosting several domains).
I ran this command: certbot certificates
It produced this output:
[Sorry, your system won’t allow me to post this output as “new users can only put 20 links in a post”]
My web server is (include version): Apache/2.4.18 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 16.04.5 LTS (GNU/Linux 4.4.0-141-generic x86_64)
My hosting provider, if applicable, is: (me, on Digital Ocean)
I can login to a root shell on my machine (yes or no, or I don’t know): Yep.
There are two problems I need to fix.
The first and most urgent problem is that the certs for uistholidaylet.com and uistholidaylet.com can’t be renewed because they contain domain test.waterfarmdressage.co.uk which does not exist (has no DNS) and is not referred to anywhere in the apache configuration (it used to exist but is long gone…).
I don’t know how to remove this (and yes, I have searched these forums!).
The second problem is that I’ve only ever used “certbot apache” to set these certs up, and yet domains uistholidaylet.com, uistholidaylet.co.uk and gun-for-hire.co.uk have many domains under them, domains which I think should have their own certs. See also gun-for-hire.co.uk-0001 (I have no idea how this came about either).
Maybe this is a peculiarity of the way ubuntu uses apache, I don’t know (I’m from a gentoo background really).
(there is two times the name uistholidaylet.com ?)
then create a new certificate with the -d option
certbot [your other options] -d uistholidaylet.com
so the certificate doesn't has the 'test' - domain name. Then use that and delete the other certificate (certbot delete certificate-name - first run certbot certificates to see your certificates).
If you create a certificate that partially overlaps -- for example, because you want to remove one name -- Certbot will save it separately under a different name. For example:
You can also use sudo certbot delete --cert-name example.com to just delete it. (If Apache is still configured to try to use certificate files that no longer exist, it won't start.)
As @JuergenAuer said, you can also use sudo certbot certificates to display a list of all your certificates.
You should be able to sort this out, with a bunch of Certbot commands and maybe editing Apache's configuration.
Thanks for sorting out the link posting. Here is the output, which might explain things a bit more clearly.
This is a live server, and I’m very worried about breaking things as it isn’t at all clear how this “muddle” came about, and I don’t want to break clients’ site.
Anyway, here’s the output of certbot certificates
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/uistholidaylet.com/cert.pem is unknown
Revocation status for /etc/letsencrypt/live/uistholidaylet.co.uk/cert.pem is unknown
--allow-subset-of-names tells Certbot to continue with certificate generation if only some of the specified domain authorizations can be obtained. This may be useful if some domains specified in a certificate no longer point at this system.