I’ve created a certificate using certbot successfully but I’ve made a little mistake on creation. The idea is that I wanted to create 2 certifications, one for each website, but instead I’ve created just one valid for both domains. The problem now is that I don’t want any links between the two domains whatsoever, therefore I need to either revoke/renew or edit the current certificate. What is the best approach for my problem?
and I think it would have been easier if I had just run it two times, once for each domain, or run the command below (using webroot again for the second domain)
certbot-auto certonly --webroot -w /data/vhosts/example1/httpdocs/ -d www.example1.com -d example1.com --webroot -w /data/vhosts/example2.com/httpdocs/ -d www.example2.com -d example2.com
Also, looking through the forum I’ve found something about “Rate Limits”, and even though I’ve found a page explaining more about it here https://letsencrypt.org/docs/rate-limits/ it’s still unclear to me: what is the limitation really about?
That won't be anything different than your previous attempt.
Every time you run certbot to get a "new" certificate, it will get you just one cert. (Of course certbot renew will give you multiple certificates if there is more than one cert due for renewal.)
Just run certbot twice, one time per domain, and you'll be fine.
Generate a new certificate for just the one hostname, and use that one instead of the previously-generated cert. There’s no reason to revoke the old cert (the only real reason to do so is if you suspect the private key has been compromised), just stop using it once you’ve created the new ones.
Edit: It isn’t possible to edit an existing certificate. Once a certificate has been issued, if you want any of its details to be different, you need to get a new certificate with the correct details. This is true with any CA, not just with Let’s Encrypt.
You need to arrange for the certbot command to be run with “renew”; you can do this with a cronjob or by whatever means. Certbot will remember which names it has validated for certificates, and will arrange to renew any certificates with less than 30 days left until they expire, using validation methods you asked for previously as needed. It is common to run Certbot’s renewal mode once or twice per day, knowing it will do nothing when there is no work needed.
Because other things (besides Let’s Encrypt) might want a .well-known/ folder it isn’t deleted automatically, but if you do delete it, Certbot will just put it back when it next creates files.
I think the rate limits page does a pretty good job of explaining each limit. Maybe if you can spell out specifically what you didn’t understand someone will be able to explain further?
Yes, you’ll need to create a cron job to renew the certificates. You should be able to simply call “certbot renew” daily for the cronjob–it will check any issued certs and, if they have less than 30 days remaining, renew them. And yes, if you’re using the HTTP-01 challenge (which you were if you were using the .well-known directory), the .well-known/acme-challenge path will need to be available at least while you’re running the renewal task.
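As an added example (not part of any post in this thread, and not certbot's own tooling): after reissuing one certificate per site as suggested above, this script checks that no certificate under certbot's live directory still lists names from more than one domain. The function names are hypothetical, and reducing a name to its last two labels is an assumption that fits example1.com-style names but ignores the Public Suffix List.

```shell
#!/bin/sh
# Added example: flag certificates whose SAN list spans more than one site.

# Print one DNS name per line from the text that
# `openssl x509 -noout -ext subjectAltName` writes (read on stdin).
san_names() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# Reduce each name to its last two labels (assumption: no Public Suffix
# List lookup, so names under co.uk-style suffixes are grouped too coarsely).
base_domains() {
    awk -F. 'NF >= 2 { print tolower($(NF-1) "." $NF) }' | sort -u
}

# Read SAN text on stdin. Return 0 and print the base domains when the
# certificate links more than one of them; return 1 otherwise.
links_domains() {
    bases=$(san_names | base_domains)
    count=$(printf '%s\n' "$bases" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -gt 1 ]; then
        echo $bases   # unquoted on purpose: joins the lines with spaces
        return 0
    fi
    return 1
}

# Audit every lineage under a certbot live directory (needs OpenSSL 1.1.1+
# for the -ext option). Returns 1 if any certificate is shared.
audit_live_dir() {
    status=0
    for cert in "$1"/*/cert.pem; do
        [ -f "$cert" ] || continue
        if linked=$(openssl x509 -in "$cert" -noout -ext subjectAltName | links_domains); then
            echo "SHARED: $cert covers $linked"
            status=1
        fi
    done
    return "$status"
}

# Usage: sh check_sans.sh /etc/letsencrypt/live
if [ "$#" -gt 0 ]; then
    audit_live_dir "$1"
fi
```

A certificate reported as SHARED is one the web server should no longer be configured to serve once the per-site certificates are in place.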