Renew SAN certificate status if one or more domain Unavailable

Hello everyone, let's suppose I have SSL SAN certificate of letsencrypt for 5 domains now at the time of renew the certificat,e one of the domain is not available for verification , does the letsencrypt still issue the certificate for other 4 domains ?

No, it'll mark the order as invalid.


You might use --allow-subset-of-names with certbot, but don't make an habit of it.

Validations can fail even when you don't expect them to.


Assuming OP uses Certbot :slight_smile: Not sure if other ACME clients have a similar feature.


I guess not, it's a lot of logic for something that shouldn't happen


Just re-stating what was said above to be more clear to those with less experience:

The fifth domain will fail the challenge/verification, which will mark the ACME "order" as invalid and deny you a renewal.

Your ACME client must either do one of the following:

  • change the renewal configuration to only include the 4 domains
  • stop renewing the 5 domain certificate, and request a new certificate for 4 domains

Depending on your Client and how you use the Certificates, one option will be less of a headache than the others.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.