How to renew only one domain with certbot?

Tags:

lets-encrypt

certbot

I have multiple domains with multiple certificates:

$ ll /etc/letsencrypt/live/ > domain1.com > domain2.com > domain3.com > ...

I need to renew only domain1.com, but the command certbot renew renews certificates for all domains. How can I renew certain certificate explicitly?

527

asked Mar 04 '17 01:03

e-info128

1 Answers

Renew a single certificate using renew with the --cert-name option.

(certonly creates a certificate for one or more domains, replacing it if exists).

Example

certbot renew --cert-name domain1.com --dry-run

Remove --dry-run to actually renew.

Cert-name != Domain name

Note that the value supplied to --cert-name option is a certificate name (not a domain name) found using

certbot certificates

Returning a list like

------------------------------------------------------------------------------- Found the following certs:   Certificate Name: myfundomains.com     Domains: myfundomains.com     Expiry Date: 2018-05-04 04:28:05+00:00 (VALID: 67 days)     Certificate Path: /etc/letsencrypt/live/myfundomains.com/fullchain.pem     Private Key Path: /etc/letsencrypt/live/myfundomains.com/privkey.pem   Certificate Name: ask.myfundomain.com     Domains: ask.myfundomain.com     Expiry Date: 2018-03-13 18:59:40+00:00 (VALID: 16 days)     Certificate Path: /etc/letsencrypt/live/ask.myfundomain.com/fullchain.pem     Private Key Path: /etc/letsencrypt/live/ask.myfundomain.com/privkey.pem   Certificate Name: forums.myfundomain.com     Domains: forums.myfundomain.com forum.myfundomain.com     Expiry Date: 2018-04-11 16:39:18+00:00 (VALID: 45 days)     Certificate Path: /etc/letsencrypt/live/forums.myfundomain.com/fullchain.pem     Private Key Path: /etc/letsencrypt/live/forums.myfundomain.com/privkey.pem -------------------------------------------------------------------------------

Notice how the third Certificate name (forums.myfundomain.com) contains multiple domains:

forums.myfundomains.com
forum.myfundomains.com

Restart Apache / nginx

------------------------------------------------------------------------------- new certificate deployed without reload, fullchain is /etc/letsencrypt/live/ask.myfundomain.com/fullchain.pem -------------------------------------------------------------------------------

Remember to restart your webserver to make use of the new certificate.

answered Sep 20 '22 20:09

Baker

Related questions
                            
                                How to set up Openshift with let's encrypt (letsencrypt)
                            
                                Lets Encrypt ACME Challenge file not accessable from IIS
                            
                                Let's Encrypt Failing DVSNI Challenge
                            
                                Configure Nginx to reply to http://my-domain.com/.well-known/acme-challenge/XXXX
                            
                                Whats the difference between OpenSSL and LetsEncrypt? [closed]
                            
                                LetsEncrypt certbot multiple renew-hooks
                            
                                Letsencrypt certificate for www and non-www domain
                            
                                Let's encrypt SSL couldn't start by "Error: EACCES: permission denied, open '/etc/letsencrypt/live/domain.net/privkey.pem'"
                            
                                How to stop renewing a letsencrypt/certbot certificate?
                            
                                Issue using certbot with nginx
                            
                                Let's encrypt error certificate install error - "Client with the currently selected authenticator does not support any combination of challenges" [closed]
                            
                                Certbot Apache error "Name duplicates previous WSGI daemon definition."
                            
                                How do I schedule the Let's Encrypt certbot to automatically renew my certificate in cron?
                            
                                How do I use let’s encrypt with gitlab?
                            
                                How to set up Let's Encrypt for a Go server application
                            
                                Generate CRT & KEY ssl files from Let's Encrypt from scratch
                            
                                https on S3 WITHOUT cloudfront possible?
                            
                                How to install Certbot (Let's Encrypt) without interaction?
                            
                                How can I set up a letsencrypt SSL certificate and use it in a Spring Boot application?
                            
                                Letsencrypt renewal fails: Could not bind to IPv4 or IPv6.. Skipping

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With