My domain is: cloud.aqeeliz.com
It has an "Alternative name": social.aqeeliz.com
This was another subdomain that I recently disabled. I don't know why it's an alternate name; it was a long time ago when I got their certificate, so I don't remember what I did then.
Now, when renewing cloud.aqeeliz.com, it says:
Renewing an existing certificate cloud.aqeeliz.com and 2 more certificates
Then it gives the error that it can't find DNS for social.aqeeliz.com (because I disabled it), and fails the renew.
I assume I can easily fix this by re-adding the social.aqeeliz.com DNS entry at my domain level, but I am wondering, if there is any way to unlink this (and the other entry, apps.aqeeliz.com - which is still active and also has a separate certificate) from alternate name of cloud.aqeeliz.com?
Which ACME client are you using? And with what command are you renewing? And I assume you want to remove the alternate name from your certificate?
While writing the issue, I got a better sense of the issue. So, after posting, I did some more searching and found a solution at letsencrypt certbot: how to remove some domains from an existing certificate - Christosoft Blog.
Basically, need to run the following command:
certbot certonly --cert-name "maindomain.com" --renew-with-new-domains -d "maindomain.com,alternative1.com,alternative2.com"
where the domain list contains the alternative domains you want to keep. In my case, it only contained the maindomain.
I was using
sudo certbot renew
to renew, but have to run this command with certonly.
Thanks to everyone who looked at the issue.
Another option would have been --allow-subset-of-names, but you'd need to be absolutely sure the unwanted hostname is the only hostname not validating. Luckily, the other hostnames have already been validated in a previous, failed renewal attempt and those successful validations should be cached for (currently) 30 days at the Let's Encrypt servers.
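An added example, not part of the thread and not certbot's own code: a small shell helper that reads a `certbot certificates` listing and prints the `certonly --renew-with-new-domains` command keeping every name on a certificate except the ones being retired. The function names (`sample_output`, `cert_domains`, `narrow_command`) are hypothetical and the listing is a constructed sample.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `certbot certificates`.
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: cloud.aqeeliz.com
    Domains: cloud.aqeeliz.com apps.aqeeliz.com social.aqeeliz.com
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 20 days)
  Certificate Name: apps.aqeeliz.com
    Domains: apps.aqeeliz.com
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 20 days)
EOF
}

# Print, one per line, the names on certificate $1 (listing on stdin).
cert_domains() {
  awk -v name="$1" '
    $1 == "Certificate" && $2 == "Name:" { current = $3 }
    $1 == "Domains:" && current == name { for (i = 2; i <= NF; i++) print $i }'
}

# Usage: narrow_command CERT_NAME NAME_TO_DROP... (listing on stdin).
# Prints the certonly command that keeps every other name on the certificate.
narrow_command() {
  name=$1; shift
  drop=" $* "
  all=$(cert_domains "$name")
  [ -n "$all" ] || { echo "no certificate named $name" >&2; return 1; }
  # A name that is not on the certificate is probably a typo: stop early.
  for d in "$@"; do
    printf '%s\n' "$all" | grep -qxF -- "$d" ||
      { echo "$d is not on $name" >&2; return 1; }
  done
  keep=$(printf '%s\n' "$all" | while read -r d; do
    case "$drop" in *" $d "*) ;; *) printf '%s\n' "$d" ;; esac
  done | paste -sd, -)
  [ -n "$keep" ] || { echo "refusing to drop every name" >&2; return 1; }
  printf 'certbot certonly --cert-name "%s" --renew-with-new-domains -d "%s"\n' \
    "$name" "$keep"
}

# Demo on the constructed listing: drop the hostname that no longer resolves.
sample_output | narrow_command cloud.aqeeliz.com social.aqeeliz.com
```

On a real host, pipe the output of `sudo certbot certificates` into `narrow_command` and review the printed command before running it.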