Renew SAN certificate status if one or more domain Unavailable

Hello everyone, let's suppose I have a Let's Encrypt SSL SAN certificate for 5 domains. Now, at the time of renewing the certificate, one of the domains is not available for verification. Does Let's Encrypt still issue the certificate for the other 4 domains?

No, it'll mark the order as invalid.

2 Likes

You might use --allow-subset-of-names with certbot, but don't make a habit of it.

Validations can fail even when you don't expect them to.

https://eff-certbot.readthedocs.io/en/stable/using.html

3 Likes

Assuming OP uses Certbot 🙂 Not sure if other ACME clients have a similar feature.

2 Likes

I guess not, it's a lot of logic for something that shouldn't happen.

2 Likes

Just re-stating what was said above to be more clear to those with less experience:

The fifth domain will fail the challenge/verification, which will mark the ACME "order" as invalid and deny you a renewal.

Your ACME client must do one of the following:

  • change the renewal configuration to only include the 4 domains
  • stop renewing the 5 domain certificate, and request a new certificate for 4 domains

Depending on your Client and how you use the Certificates, one option will be less of a headache than the others.

4 Likes
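To make the behaviour described in this thread concrete, here is an added example (not Let's Encrypt, Certbot or any ACME client's code) that models the RFC 8555 order-status rule: a single invalid authorization makes the whole order invalid, so no certificate is issued for the remaining names. It also shows the two workarounds discussed above as code: a pre-flight DNS check that tells you which SAN no longer points at your host before you attempt the renewal, and a subset filter in the spirit of --allow-subset-of-names. All function names, the sample domain list and the resolver results are constructed for this example.

```python
"""Model of ACME (RFC 8555) order status when one SAN fails validation.

Added example; not Let's Encrypt, Certbot or any ACME client's code.
The status rule follows RFC 8555 section 7.1.6; everything else
(function names, sample domains, fake resolver) is constructed.
"""
import socket
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Authorization states from RFC 8555 that matter here.
VALID, INVALID, PENDING = "valid", "invalid", "pending"


@dataclass
class Order:
    """An ACME order: one identifier (domain) per requested SAN."""
    identifiers: List[str]
    authz: Dict[str, str] = field(default_factory=dict)

    def status(self) -> str:
        """RFC 8555 7.1.6: any invalid authorization -> order invalid;
        all valid -> ready (finalize allowed); otherwise pending."""
        states = [self.authz.get(d, PENDING) for d in self.identifiers]
        if INVALID in states:
            return INVALID
        if all(s == VALID for s in states):
            return "ready"
        return PENDING


def run_validations(domains: List[str], challenge_ok: Callable[[str], bool]) -> Order:
    """Run one challenge per identifier and record the authz outcome.
    The CA validates every name; it does not drop the failing one."""
    order = Order(list(domains))
    for d in order.identifiers:
        order.authz[d] = VALID if challenge_ok(d) else INVALID
    return order


def preflight_dns(domains: List[str], expected_ip: str,
                  resolve: Callable[[str], str] = socket.gethostbyname) -> Dict[str, bool]:
    """Defender-side check before renewing: does each SAN still resolve to
    the host that will answer the challenge? Resolver is injectable so the
    check can run offline with constructed data."""
    result = {}
    for d in domains:
        try:
            result[d] = resolve(d) == expected_ip
        except OSError:          # NXDOMAIN, timeout, etc.
            result[d] = False
    return result


def renewable_subset(domains: List[str],
                     challenge_ok: Callable[[str], bool]) -> Tuple[List[str], List[str]]:
    """What an --allow-subset-of-names style option does: keep only the names
    that can still be validated and report the ones being dropped, so the
    shrinking of the certificate is visible rather than silent."""
    kept = [d for d in domains if challenge_ok(d)]
    dropped = [d for d in domains if d not in kept]
    return kept, dropped


# Constructed sample: the fifth name was moved away and no longer points here.
SAMPLE_DOMAINS = ["a.example", "b.example", "c.example", "d.example", "old.example"]
HOST_IP = "192.0.2.10"                                   # documentation range
FAKE_DNS = {"a.example": HOST_IP, "b.example": HOST_IP,
            "c.example": HOST_IP, "d.example": HOST_IP,
            "old.example": "198.51.100.7"}               # points elsewhere now


def fake_resolve(domain: str) -> str:
    """Stand-in for socket.gethostbyname using the constructed table."""
    if domain not in FAKE_DNS:
        raise OSError("NXDOMAIN")
    return FAKE_DNS[domain]


def fake_challenge(domain: str) -> bool:
    """Challenge succeeds only if the name resolves to our host."""
    return preflight_dns([domain], HOST_IP, fake_resolve)[domain]


if __name__ == "__main__":
    order = run_validations(SAMPLE_DOMAINS, fake_challenge)
    print("order status with all 5 names:", order.status())   # invalid
    print("pre-flight:", preflight_dns(SAMPLE_DOMAINS, HOST_IP, fake_resolve))
    kept, dropped = renewable_subset(SAMPLE_DOMAINS, fake_challenge)
    print("renew these:", kept, "dropping:", dropped)
    print("order status with the 4 names:", run_validations(kept, fake_challenge).status())
```

Running the pre-flight check as part of the renewal job (with the real socket.gethostbyname) surfaces the stale SAN before the order is even created, which is the cheaper outcome: a failed order still counts against the CA's failed-validation rate limits, and an order that fails at renewal time usually fails close to expiry.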
