I run a family of several domains for a platform authored by my employer; however, we use a DNS name which breaks certbot’s autorenewal process (because I don’t want to publish this subdomain publicly), meaning it gives NXDOMAIN whenever I try to renew my domains.
My question is this: can I get certbot to skip (or outright ignore) this domain, so I can get auto-renewal set up correctly?
I’m simply using certbot renew; it’s always wanted to include the subdomains olympus.medaccessrx.com and my.hpprx.com in the certificates. I have to specifically run the renewal process and exclude both of those each time, preventing the certificate from automatically updating each month.
They don’t have external DNS names, though. It’s for a service over a VPN. So…? Also, my.hpprx.com shouldn’t be hosted on that server. Can I remove those names from the certificate?
Once the certificates have been successfully re-issued without the non-public names, the certbot renew command will not try to cover those names for future renewals.
You need the --cert-name and the existing certificate name in order to cause Certbot to know it should re-issue and replace the certificate that it’s tracking (otherwise you get a kind of ugly and potentially confusing -0001 duplicate certificate with the new set of names).
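The re-issue step described in the reply above, as an added example that is not part of the original thread: it takes the name list of the existing certificate, drops the two non-public names mentioned in the question, and prints the `certbot certonly --cert-name` command to run. The certificate name `example.com` and the two public names are constructed placeholders, and the authenticator options are left out because the thread does not say which one is in use.

```shell
#!/bin/sh
# Added example: build the certbot command that re-issues an existing
# certificate without the names that do not resolve publicly.

# Turn openssl's "DNS:a, DNS:b" subjectAltName output into one name per line.
san_to_names() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# keep_public NAMES EXCLUDES -> NAMES minus EXCLUDES (both newline-separated).
# -F -x matches whole names literally, so "my.hpprx.com" cannot match by regex.
keep_public() {
    printf '%s\n' "$1" | grep -F -x -v -e "$2"
}

# build_reissue_cmd CERT_NAME NAMES -> prints the command, does not run it.
# --cert-name makes Certbot replace the tracked certificate instead of
# creating a "-0001" duplicate with the new set of names.
build_reissue_cmd() {
    domains=$(printf '%s\n' "$2" | paste -s -d , -)
    printf 'certbot certonly --cert-name %s -d %s\n' "$1" "$domains"
}

# Constructed sample. On a real host the names come from:
#   openssl x509 -in /etc/letsencrypt/live/<cert-name>/cert.pem \
#       -noout -ext subjectAltName
# and <cert-name> is the one shown by: certbot certificates
SAMPLE_SAN='DNS:example.com, DNS:www.example.com, DNS:olympus.medaccessrx.com, DNS:my.hpprx.com'

# The non-public names from the question.
EXCLUDE='olympus.medaccessrx.com
my.hpprx.com'

reissue_demo() {
    names=$(san_to_names "$SAMPLE_SAN")
    build_reissue_cmd "example.com" "$(keep_public "$names" "$EXCLUDE")"
}

# Prints the command for review; add the authenticator options used for the
# original issuance before running it.
reissue_demo
```

Appending `--dry-run` to the printed command tests the new name set before the certificate is replaced.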