I’ve got a situation where certbot isn’t renewing the certificate for a multi-domain cert where one domain had changed DNS to another server.
So when the initial LE cert was requested, 3 months ago, the domains (10 of them) were all pointing to the server and the cert was issued no problem. Then, one domain was changed to point to a different server, so the renewal failed and certbot complained ‘urn:ietf:params:acme:error:unauthorized’.
I understand that for this domain, no cert should be renewed, but for the remaining domains, the cert should be renewed? Ideas?
Based on the information provided, I would suggest you re-run Certbot and request a new “multi-domain” certificate omitting the domain that was changed to point to a different server.
Assuming (because you didn't give us this information directly, I can only guess and assume) you initially issued one certificate for all domains: certbot doesn't know you intentionally moved the domain to another server. Certbot doesn't magically know you don't need that hostname included in the certificate any longer. Certbot is a computer program, not a wizard. How could it know?
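
One way to carry out the suggestion above of re-requesting the certificate without the moved domain, as an added example that is not from any poster in this thread: the functions read `certbot certificates` output, keep only the names whose A record still matches this server, and print the `certbot certonly --cert-name ... -d ...` command to review. The function names, the `RESOLVE` hook, the certificate name and the IP address are assumptions made for illustration, and the default resolver assumes glibc's `getent ahostsv4`.

```sh
#!/bin/sh
# Added example (not from the thread). Names and addresses are constructed.

# Default resolver: IPv4 addresses for a name (glibc getent).
# Set RESOLVE to another function name to swap it out.
resolve_a() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}
RESOLVE=${RESOLVE:-resolve_a}

# Read `certbot certificates` output on stdin; print the names on the
# "Domains:" line of the certificate called $1, one per line.
cert_domains() {
    awk -v want="$1" '
        $1 == "Certificate" && $2 == "Name:" { current = $3 }
        $1 == "Domains:" && current == want  { for (i = 2; i <= NF; i++) print $i }
    '
}

# Read names on stdin; print those with an A record equal to server IP $1.
names_still_here() {
    while read -r name; do
        [ -n "$name" ] || continue
        if "$RESOLVE" "$name" </dev/null | grep -qxF "$1"; then
            printf '%s\n' "$name"
        fi
    done
}

# $1 = certificate name, $2 = this server's IP; `certbot certificates`
# output on stdin. Prints the command to review, or fails (status 1)
# if none of the certificate's names point here any more.
build_reissue_cmd() {
    kept=$(cert_domains "$1" | names_still_here "$2" | paste -sd, -)
    [ -n "$kept" ] || return 1
    # Append the authenticator options used for the original request.
    printf 'certbot certonly --cert-name %s -d %s\n' "$1" "$kept"
}

# Typical use on the server (203.0.113.10 is a constructed address):
#   certbot certificates | build_reissue_cmd example.com 203.0.113.10
```

The printed command is only a proposal: compare the dropped names against what you expect before running it, since a name that fails to resolve for any other reason is dropped as well.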