I have the following certificate:
    # certbot certificates
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Found the following certs:
      Certificate Name: domain.tld
        Domains: domain.tld imap.domain.tld mail.domain.tld pop.domain.tld smtp.domain.tld www.domain.tld
        Expiry Date: 2019-09-09 03:34:20+00:00 (VALID: 62 days)
        Certificate Path: /etc/letsencrypt/live/domain.tld/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/domain.tld/privkey.pem
Now what I want to do is to remove www.domain.tld from the certificate, because the web server has moved to another instance. The fact that the DNS entries have been changed means that the renewal process will fail if www.domain.tld is still part of the certificate, because the DNS entries point to another IP now.
How can I remove certain host names from a Let’s Encrypt certificate without deleting the certificate and creating a new one?
I don’t usually bother reissuing certificates in this case. I just edit the configuration file in /etc/letsencrypt/renewal/example.com.conf and remove the domain from there. At the next renewal, the new certificate will no longer contain the removed domain.
But in your case, as the name you want to remove was the original one for the certificate, I would suggest you not renew this cert at all, but remove the renewal configuration file for the old cert then issue a new cert with only the names you want to keep.
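A pre-renewal check for the situation in the question, added here as an example and not part of the original post: it parses `certbot certificates` output, flags names that no longer resolve to this server, and builds a `certbot certonly --cert-name ... -d ...` command listing only the names to keep. The IP addresses and the stub resolver are constructed sample data, the helper names are hypothetical, and the check assumes HTTP-based validation, where each name must point at the host running certbot.

```python
import re
import socket

# Constructed sample: the relevant part of the output shown in the question.
SAMPLE = """\
Found the following certs:
  Certificate Name: domain.tld
    Domains: domain.tld imap.domain.tld mail.domain.tld pop.domain.tld smtp.domain.tld www.domain.tld
    Expiry Date: 2019-09-09 03:34:20+00:00 (VALID: 62 days)
"""

def parse_certs(text):
    """Map each certificate name to the list of domains it covers."""
    certs, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Certificate Name:\s*(\S+)", line)
        if m:
            current = m.group(1)
            certs[current] = []
            continue
        m = re.match(r"\s*Domains:\s*(.+)", line)
        if m and current:
            certs[current] = m.group(1).split()
    return certs

def system_resolve(name):
    """Addresses from the system resolver; empty set if the lookup fails."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, 80)}
    except socket.gaierror:
        return set()

def split_names(domains, my_ips, resolve=system_resolve):
    """Return (keep, stale); stale names resolve to none of my_ips."""
    keep, stale = [], []
    for d in domains:
        (keep if resolve(d) & set(my_ips) else stale).append(d)
    return keep, stale

def reissue_command(cert_name, keep):
    """Command that reissues the named certificate with only `keep`."""
    return "certbot certonly --cert-name %s -d %s" % (cert_name, ",".join(keep))

if __name__ == "__main__":
    # Constructed DNS answers (documentation ranges) so the demo runs offline.
    fake_dns = {"www.domain.tld": {"198.51.100.7"}}
    resolve = lambda n: fake_dns.get(n, {"203.0.113.10"})
    for name, domains in parse_certs(SAMPLE).items():
        keep, stale = split_names(domains, ["203.0.113.10"], resolve)
        print("stale:", stale)
        print(reissue_command(name, keep))
```

On a real host, drop the stub resolver so `split_names` uses the system resolver, and add your usual authenticator options to the printed command before running it.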
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.