Multi-domain renewal, one domain not pointing to server makes renewal fail

Hi guys,

I’ve got a situation where certbot isn’t renewing the certificate for a multi-domain cert where one domain had changed DNS to another server.

So when the initial LE cert was requested, 3 months ago, the domains (10 of them) were all pointing to the server and the cert was issued no problem. Then, one domain was changed to point to a different server, so the renewal failed and certbot complaining ‘urn:ietf:params:acme:error:unauthorized’.

I understand that for this domain, no cert should be renewed, but for the remaining domains, the cert should be renewed? Ideas?

Cheers,
Thomas


Hello @tgmedia-nz

Based on the information provided. I would suggest you re-run Certbot and request a new “multi-domain” certificate omitting the domain that was changed to point to a different server.

Future renewals should work as expected.

Hope this helps

Rip


Assuming (because you didn't give us this information directly, I can only guess and assume) you initially issued one certificate for all domains: certbot doesn't know you intentionally moved the domain to another server. Certbot doesn't magically know you don't need that hostname included in the certificate any longer. Certbot is a computer program, not a wizard. How could it know?

Please see the certbot documentation about changing a certificate's domains:

https://certbot.eff.org/docs/using.html#changing-a-certificate-s-domains

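The re-issue step the replies describe, as an added pre-flight script that is not from the thread or from certbot itself: it checks which names still resolve to this server, reports the ones that moved (the ones whose HTTP-01 authorization would fail with `urn:ietf:params:acme:error:unauthorized`), and prints the certbot command that re-requests the same lineage without them. The server address `203.0.113.10`, the lineage name `example.com` and the resolver output are constructed sample values.

```shell
#!/bin/sh
# Pre-flight check before re-issuing a multi-domain certbot certificate:
# keep only the names whose A record still points at this server, then
# build the certbot command that re-requests the lineage without the
# names that moved away. Constructed sample data; certbot is not invoked.

# Address this server answers on (assumed value for the example).
SERVER_IP="203.0.113.10"

# Constructed "dig +short"-style output: one "name address" pair per line.
# In real use, generate it with something like:
#   for d in $names; do echo "$d $(dig +short "$d" | tail -n1)"; done
SAMPLE_RESOLUTIONS='www.example.com 203.0.113.10
shop.example.com 203.0.113.10
blog.example.com 198.51.100.7
mail.example.com 203.0.113.10'

# filter_domains SERVER_IP   (reads "name address" lines on stdin)
# Prints the names that still resolve to SERVER_IP, one per line.
filter_domains() {
  awk -v ip="$1" '$2 == ip { print $1 }'
}

# stale_domains SERVER_IP    (reads "name address" lines on stdin)
# Prints the names that now resolve elsewhere; their challenge would fail
# with urn:ietf:params:acme:error:unauthorized, so they must be dropped.
stale_domains() {
  awk -v ip="$1" '$2 != ip { print $1 }'
}

# build_certbot_cmd CERT_NAME DOMAIN...
# Prints the certbot command that re-issues the existing lineage with only
# the given names; --cert-name reuses the lineage instead of creating a new one.
build_certbot_cmd() {
  name="$1"; shift
  cmd="certbot certonly --cert-name $name"
  for d in "$@"; do
    cmd="$cmd -d $d"
  done
  printf '%s\n' "$cmd"
}

keep=$(printf '%s\n' "$SAMPLE_RESOLUTIONS" | filter_domains "$SERVER_IP")
printf '%s\n' "$SAMPLE_RESOLUTIONS" | stale_domains "$SERVER_IP" \
  | sed 's/^/dropping (no longer points here): /'
# $keep is intentionally unquoted so each name becomes its own argument.
build_certbot_cmd example.com $keep
```

certbot also has a real `--allow-subset-of-names` option that lets a renewal succeed when authorizations fail for a strict subset of the names; the thread does not mention it, and the explicit check above has the advantage of showing exactly which names were dropped.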
