Remove Domain from certificate - certbot

Posted on August 3, 2020

When running the command certbot certificate

I get this result

Certificate Name: effstaging.net Domains: etffstaging.net bern.etffstaging.net bernst.etffstaging.net bernsteiaaax.com

I need to remove bernst.etffstaging.net bernsteiaaax.com from the certificate because we no longer manage those domains. How is this done?




Hi there @austinCoral,

What you need to do is to issue a new certificate for the domain names that should be part of the certificate:

sudo certbot --nginx -d example.com -d www.example.com

Hope that this helps! Regards, Bobby

I went to this folder: cd /etc/letsencrypt/renewal/

Then used sudo rm to remove the conf files of the old domains.

Seems to have worked, will see in 12 hours. :D

To remove specific domains from a Let’s Encrypt certificate managed by Certbot, you essentially have two options: either create a new certificate that includes only the domains you want, or attempt to modify the existing certificate. However, Certbot doesn’t directly support removing individual domains from an existing certificate; it’s generally simpler to issue a new certificate with the desired domains. Here’s how you can do it:

Option 1: Create a New Certificate

  1. Issue a New Certificate

    Run Certbot for your remaining domains, and it will create a new certificate:

sudo certbot certonly --nginx -d etffstaging.net -d bern.etffstaging.net

Replace --nginx with your web server plugin if you’re not using Nginx (e.g., --apache).

  2. Update Nginx Configuration

    After obtaining the new certificate, update your Nginx configuration to use the new certificate files.

  3. Reload Nginx

    After updating the Nginx configuration:

sudo nginx -t
sudo systemctl reload nginx

  4. Optional: Delete the Old Certificate

Once you’re sure the new certificate is working correctly, you can delete the old certificate. List all certificates:

sudo certbot certificates

Then delete the specific certificate:

sudo certbot delete --cert-name old-certificate-name

Replace old-certificate-name with the name of the certificate you want to delete.

Option 2: Attempt to Modify the Existing Certificate

While Certbot doesn’t directly support removing a domain from an existing certificate, you can try to “renew” the certificate with only the domains you want to keep:

sudo certbot certonly --nginx -d etffstaging.net -d bern.etffstaging.net --force-renewal

This approach forces a renewal of the certificate for only the specified domains. It’s essentially similar to creating a new certificate but tries to overwrite the existing one.

Important Notes

  • Ensure that your DNS records for etffstaging.net and bern.etffstaging.net are correctly pointing to your server.

  • Always test your web server configuration for syntax errors after making changes.

  • Consider backing up existing SSL certificates before making changes, just in case you need to revert.

  • Be aware of the rate limits imposed by Let’s Encrypt. Excessive certificate requests can lead to temporary blocks.
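Added example, not part of any answer above and not Certbot's own code: a check that reads `certbot certificates` output and reports which certificates still list domains you no longer manage, along with the names to keep when reissuing. The function name `audit_certs` and the sample output are constructed for illustration, using the names from the question.

```shell
#!/bin/sh
# Constructed sample of `certbot certificates` output (names taken from the question).
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: effstaging.net
    Domains: etffstaging.net bern.etffstaging.net bernst.etffstaging.net bernsteiaaax.com
    Expiry Date: 2020-10-30 10:00:00+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/effstaging.net/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/effstaging.net/privkey.pem
EOF
}

# audit_certs RETIRED_DOMAIN...   (hypothetical helper)
# Reads `certbot certificates` output on stdin. For each certificate that still
# lists a retired domain, prints:  <cert name>|<retired names found>|<names to keep>
# Names are compared as whole tokens, case-insensitively, so a retired name
# never matches longer names that merely contain it, as a substring grep would.
audit_certs() {
    awk -v retired="$*" '
        BEGIN {
            n = split(retired, r, " ")
            for (i = 1; i <= n; i++) drop[tolower(r[i])] = 1
        }
        $1 == "Certificate" && $2 == "Name:" { name = $3 }
        $1 == "Domains:" {
            keep = ""; gone = ""
            for (i = 2; i <= NF; i++) {
                d = tolower($i)
                if (d in drop) gone = (gone == "" ? "" : gone " ") $i
                else           keep = (keep == "" ? "" : keep " ") $i
            }
            if (gone != "") print name "|" gone "|" keep
        }
    '
}

# On a real host: sudo certbot certificates | audit_certs <retired domains>
sample_output | audit_certs bernst.etffstaging.net bernsteiaaax.com
```

Run it again after reissuing: empty output means no certificate on the host still covers a retired domain.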
