Hello everyone, let's suppose I have an SSL SAN certificate from Let's Encrypt for 5 domains. Now, at the time of renewing the certificate, one of the domains is not available for verification. Does Let's Encrypt still issue the certificate for the other 4 domains?
No, it'll mark the order as invalid.
You might use --allow-subset-of-names with certbot, but don't make a habit of it.
Validations can fail even when you don't expect them to.
Assuming OP uses Certbot. Not sure if other ACME clients have a similar feature.
I guess not, it's a lot of logic for something that shouldn't happen.
Just re-stating what was said above to be more clear to those with less experience:
The fifth domain will fail the challenge/verification, which will mark the ACME "order" as invalid and deny you a renewal.
Your ACME client must do one of the following:
- change the renewal configuration to only include the 4 domains
- stop renewing the 5-domain certificate, and request a new certificate for 4 domains
Depending on your client and how you use the certificates, one option will be less of a headache than the other.
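
The behaviour described in this thread, as an added sketch that is not part of any post and is not Certbot's or Let's Encrypt's code: a simplified model of how an ACME order's status follows from its authorizations (RFC 8555, section 7.1.6), and what a client-side subset fallback does with the names that did validate. The domain names are constructed and the function names are hypothetical.

```python
# Simplified model of ACME order state (RFC 8555, section 7.1.6).
# Added illustration only: function names are hypothetical, data is constructed.

FAILED = {"invalid", "expired", "revoked", "deactivated"}

def order_status(authz):
    """authz maps each identifier in the order to its authorization status."""
    statuses = set(authz.values())
    if statuses & FAILED:
        return "invalid"   # one failed authorization invalidates the whole order
    if statuses == {"valid"}:
        return "ready"     # every name validated, the order can be finalized
    return "pending"

def plan_renewal(authz, allow_subset=False):
    """Return the names the client should request a certificate for.

    With allow_subset=False a single failed name aborts the renewal.
    With allow_subset=True the client falls back to a new order that
    contains only the names that validated (assumed to mirror the intent
    of certbot's --allow-subset-of-names).
    """
    status = order_status(authz)
    if status == "ready":
        return list(authz)
    if status == "pending":
        raise RuntimeError("validation still in progress")
    failed = [name for name, s in authz.items() if s in FAILED]
    passed = [name for name, s in authz.items() if s == "valid"]
    if allow_subset and passed:
        return passed
    raise RuntimeError("order invalid; failed names: " + ", ".join(failed))

# Constructed sample: five SANs, the fifth cannot be verified at renewal time.
SAMPLE = {
    "a.example": "valid",
    "b.example": "valid",
    "c.example": "valid",
    "d.example": "valid",
    "e.example": "invalid",
}

if __name__ == "__main__":
    print(order_status(SAMPLE))
    print(plan_renewal(SAMPLE, allow_subset=True))
```

A certificate obtained through the fallback no longer covers the failed name, so anything still serving that hostname will present a certificate that does not match it.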