[SOLVED] An old "Alternative name" is not letting me renew the domain

My domain is: cloud.aqeeliz.com

It has an "Alternative name": social.aqeeliz.com
This was another subdomain that I recently disabled. I don't know why it's an alternate name; it was a long time ago when I got their certificate, so I don't remember what I did then.

Now, when renewing cloud.aqeeliz.com, it says:
Renewing an existing certificate cloud.aqeeliz.com and 2 more certificates
Then it gives the error that it can't find DNS for social.aqeeliz.com (because I disabled it), and fails the renew.

I assume I can easily fix this by re-adding the social.aqeeliz.com DNS entry at my domain level, but I am wondering if there is any way to unlink this (and the other entry, apps.aqeeliz.com, which is still active and also has a separate certificate) from the alternate names of cloud.aqeeliz.com?

1 Like

Which ACME client are you using? And with what command are you renewing? And I assume you want to remove the alternate name from your certificate?

1 Like

While writing the issue, I got a better sense of it. So, after posting, I did some more searching and found a solution at "letsencrypt certbot: how to remove some domains from an existing certificate" (Christosoft Blog).
Basically, you need to run the following command:

certbot certonly --cert-name "maindomain.com" --renew-with-new-domains -d "maindomain.com,alternative1.com,alternative2.com"

where the domain list contains the alternative domains you want to keep. In my case, it only contained the maindomain.

I was using sudo certbot renew to renew, but have to run this command with certonly.

Thanks to everyone who looked at the issue.

1 Like
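
The domain-list step from the solution above, as an added example that is not part of the original posts: a shell helper that reads the output of certbot certificates and builds the -d list with the retired names removed, rejecting names that are not on the certificate. The function name keep_list and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): derive the -d list for
#   certbot certonly --cert-name NAME --renew-with-new-domains -d LIST
# from `certbot certificates` output, minus the names being retired.

# Constructed, abridged sample of `certbot certificates` output.
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: apps.aqeeliz.com
    Domains: apps.aqeeliz.com
  Certificate Name: cloud.aqeeliz.com
    Domains: cloud.aqeeliz.com apps.aqeeliz.com social.aqeeliz.com
EOF
}

# keep_list CERT_NAME DROP...   (reads `certbot certificates` output on stdin)
# Prints the remaining names, comma-separated. Exit codes: 2 = no such
# certificate, 3 = a DROP name is not on it (likely a typo), 4 = nothing left.
keep_list() (
  cert=$1; shift
  domains=$(awk -v want="$cert" '
    /Certificate Name:/ { cur = $NF }            # lineage we are inside
    /Domains:/ && cur == want {                  # its name list
      sub(/^[ \t]*Domains:[ \t]*/, ""); print; exit
    }')
  [ -n "$domains" ] || { echo "no certificate named $cert" >&2; exit 2; }
  for drop in "$@"; do
    case " $domains " in
      *" $drop "*) ;;
      *) echo "$drop is not on $cert" >&2; exit 3 ;;
    esac
  done
  keep=""
  for d in $domains; do
    hit=0
    for drop in "$@"; do
      if [ "$d" = "$drop" ]; then hit=1; fi
    done
    if [ "$hit" -eq 0 ]; then keep="${keep:+$keep,}$d"; fi
  done
  [ -n "$keep" ] || { echo "refusing to drop every name" >&2; exit 4; }
  printf '%s\n' "$keep"
)

# Demo on the sample; on a real host pipe `sudo certbot certificates` instead.
names=$(sample_output | keep_list cloud.aqeeliz.com social.aqeeliz.com)
echo "certbot certonly --cert-name cloud.aqeeliz.com --renew-with-new-domains -d \"$names\""
```

Matching the certificate name exactly matters here because apps.aqeeliz.com appears both as its own certificate and as an alternate name on the cloud.aqeeliz.com one.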

Another option would have been --allow-subset-of-names, but you'd need to be absolutely sure the unwanted hostname is the only hostname not validating. Luckily, the other hostnames have already been validated in a previous, failed renewal attempt and those successful validations should be cached for (currently) 30 days at the Let's Encrypt servers.

2 Likes

Ah, thanks for the info.

1 Like
