I needed to add a subdomain to one of my certificates on an existing server. I tried the certbot command with "--duplicate" and also "--expand". It kept saying it didn't have the correct permissions to validate it. So I spun up a new server, pointed the A, AAAA, and CNAME records at the new server and re-ran the certbot command again and the SSL certificates were generated.
So what I was wondering is if there is a recommended way to just clear out letsencrypt files/data in order to regenerate the ssl certificates.
It's suggested to revoke the old certificate. Did you happen to keep the old certificate & keys? If so, you can revoke the certificate by executing certbot revoke --cert-path=your cert path (on the same account).
If you didn't keep the old certificate and key (and are confident that it's destroyed), just let the old cert expire.
Thanks! revoke is a good option. So say I had the same problem adding another subdomain on an existing server. The one thing I should try is revoke the certs? Anything else? Clear out directories?