I just got an email saying I will not be able to renew my certificate any longer as it contains a reserved domain name (a DNS name containing the characters ‘–’ ).
I am not using that domain anymore but the certificate contains my production domain name.
What is the procedure to remove the offending domain name and be able to renew the certificate?
I wouldn’t really recommend --allow-subset-of-names for this purpose because it might remove other names as well if there’s any reason that the CA happens not to be willing to issue for them at the moment of the renewal, including a simple misconfiguration on the client side.
I would suggest finding the cert name with certbot certificates (it’s likely to be the same as one of your domain names that the certificate covers) and then running certbot certonly --force-renewal --cert-name example.org plus a -d option for each domain name that you still want to be included in the certificate.
You will also have to specify an authentication method, which should be the same one that you originally used when obtaining the certificate.
This says that you want to update the certificate named five.epicollect.net by replacing it with one obtained in this way and covering only the domain name five.epicollect.net.