Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to renew only one domain with certbot?

Tags:

lets-encrypt

certbot

I have multiple domains with multiple certificates:

$ ll /etc/letsencrypt/live/ > domain1.com > domain2.com > domain3.com > ...

I need to renew only domain1.com, but the command certbot renew renews certificates for all domains. How can I renew certain certificate explicitly?

like image 527
e-info128 Avatar asked Mar 04 '17 01:03

e-info128

People also ask

Can you use certbot without domain name?

Yes, you can!

1 Answers

Renew a single certificate using renew with the --cert-name option.

(certonly creates a certificate for one or more domains, replacing it if exists).

Example

certbot renew --cert-name domain1.com --dry-run

Remove --dry-run to actually renew.

Cert-name != Domain name

Note that the value supplied to --cert-name option is a certificate name (not a domain name) found using

certbot certificates

Returning a list like

------------------------------------------------------------------------------- Found the following certs:   Certificate Name: myfundomains.com     Domains: myfundomains.com     Expiry Date: 2018-05-04 04:28:05+00:00 (VALID: 67 days)     Certificate Path: /etc/letsencrypt/live/myfundomains.com/fullchain.pem     Private Key Path: /etc/letsencrypt/live/myfundomains.com/privkey.pem   Certificate Name: ask.myfundomain.com     Domains: ask.myfundomain.com     Expiry Date: 2018-03-13 18:59:40+00:00 (VALID: 16 days)     Certificate Path: /etc/letsencrypt/live/ask.myfundomain.com/fullchain.pem     Private Key Path: /etc/letsencrypt/live/ask.myfundomain.com/privkey.pem   Certificate Name: forums.myfundomain.com     Domains: forums.myfundomain.com forum.myfundomain.com     Expiry Date: 2018-04-11 16:39:18+00:00 (VALID: 45 days)     Certificate Path: /etc/letsencrypt/live/forums.myfundomain.com/fullchain.pem     Private Key Path: /etc/letsencrypt/live/forums.myfundomain.com/privkey.pem -------------------------------------------------------------------------------

Notice how the third Certificate name (forums.myfundomain.com) contains multiple domains:

  • forums.myfundomains.com
  • forum.myfundomains.com

Restart Apache / nginx

------------------------------------------------------------------------------- new certificate deployed without reload, fullchain is /etc/letsencrypt/live/ask.myfundomain.com/fullchain.pem -------------------------------------------------------------------------------

Remember to restart your webserver to make use of the new certificate.

like image 55
Baker Avatar answered Sep 20 '22 20:09

Baker
Sign in to Comment

Related questions

How to set up Openshift with let's encrypt (letsencrypt)
Lets Encrypt ACME Challenge file not accessable from IIS
Let's Encrypt Failing DVSNI Challenge
Configure Nginx to reply to http://my-domain.com/.well-known/acme-challenge/XXXX
Whats the difference between OpenSSL and LetsEncrypt? [closed]
LetsEncrypt certbot multiple renew-hooks
Letsencrypt certificate for www and non-www domain
Let's encrypt SSL couldn't start by "Error: EACCES: permission denied, open '/etc/letsencrypt/live/domain.net/privkey.pem'"
How to stop renewing a letsencrypt/certbot certificate?
Issue using certbot with nginx
Let's encrypt error certificate install error - "Client with the currently selected authenticator does not support any combination of challenges" [closed]
Certbot Apache error "Name duplicates previous WSGI daemon definition."
How do I schedule the Let's Encrypt certbot to automatically renew my certificate in cron?
How do I use let’s encrypt with gitlab?
How to set up Let's Encrypt for a Go server application
Generate CRT & KEY ssl files from Let's Encrypt from scratch
https on S3 WITHOUT cloudfront possible?
How to install Certbot (Let's Encrypt) without interaction?
How can I set up a letsencrypt SSL certificate and use it in a Spring Boot application?
Letsencrypt renewal fails: Could not bind to IPv4 or IPv6.. Skipping

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!