[SOLVED] Remove / delete subdomain (alternate name) from certificat

Once in a while subdomain are not longer existant or moved to a different server.

The solution to remove such domain and allow certificat rewal is as follow:

Either you have created your certificat with --allow-subset-of-names or you need to edit the renewal config file (eg: /etc/letsencrypt/renewal/example.com.conf) and ensure a key allow_subset_of_names = True in the [renewalparams] section.

Renew the certificat (it should succeed with an alert regarding the missing subdomain).

Once done, you can remove the subdomain line from the renewal config file.

1 Like

A more officially recommended way to do this is to rerun your certificate request with certonly and with --cert-name specifying which certificate to act upon, as well as a -d list of all of the domains that you do want to be in the certificate. The benefit of this relative to --allow-subset-of-names is that it will fail with a useful warning if any of the other names in the certificate couldn’t be renewed. If you use --allow-subset-of-names, the renewal could potentially succeed with the loss of unexpected or unintended names from the certificate in addition to the specific name that you intended to remove.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.