Renewal of mulitiple domains / providers

currently I have setup my domain for ( with their hook script - working fine, autorenewal working in combo with a prosody server.

In addition to that I wanted to setup a certficate for a new domain ( - not hosted/belonging to - all with certbot
(plan is to switch from to


  • Can this run within one certbot comand / do I need to enhance "old" one or do I need a second run, if so, seperatly or combined? Don't wanna mess certs for domain/prosody
  • Fresh / new setup of certbot to server only the new (then, howto disable automatic renewal for

Thx in advance,

Hi @un99known99 and Welcome to the community..
IMHO simple is usually the best solution.

  1. Configure your NEW domain with a fresh new certbot and obtain a fresh new cert.
  2. disable/remove your OLD cron or system timer (whatever) and allow the old cert to expire with dignity

You could make it complicated if you want to. I recommend that you keep it simple.
EDIT: You will get an email from LE warning of the impending cert expiration of the OLD cert.


So if I understand correctly, both sites are hosted on different machines?

I.e.: your site is hosted by And your new domain is going to be hosted somewhere else entirely?

In that case I'm sure you'd want to retire your hosting at at some point, right? Maybe have a redirect in place for a certain time? That redirect should also use or at least be reachable through HTTPS. And when your site at is being canceled, wouldn't that also stop their certificate renewal? (I'm not sure what is exactly, so maybe I'm missing something here..)


I would like to switch my prosody instance (and other stuff) from to, therefore I would like to use the same certbot running on the machine but retire the renewal of AND enable new cert + renewal for (retiring gracefully renewal of, so all in all it should kind of change in certbot
Would that work out or how could it be reshened?
@Osiris same machine

Ah, same machine..

I would just add a new certificate for your new domain and if you're ready to drop support for the old domain (e.g., no redirect necessary any longer, DNS name removed entirely, virtualhost in the webserver for the old domain removed et cetera) you can just remove the certificate from the older domain name from certbot.


for "remove the certificate from the older domain name from certbot":

  • Could you help me in how to add new domain (*, to existing certbot setup
  • afterwards dropping "old" one from certbot

Would be a g8 help

Getting a wildcard certificate means you need to use the dns-01 challenge type (see Challenge Types - Let's Encrypt about the different challenge types). This is usually a little bit more difficult to implement, depending on your DNS provider. See User Guide — Certbot 1.21.0.dev0 documentation for DNS plugins available to certbot. Other ACME clients could offer different and/or more DNS plugins, such as

But in essence, adding a new certificate with new hostnames is done by just running certbot again like you did before, but now with the options specifically for your new certificate (such as a different authentication plugin).

For removing a certificate: please see the certbot documentation: User Guide — Certbot 1.21.0.dev0 documentation


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.