If a Let’s Encrypt certificate includes a subdomain that has since been removed, renewing the certificate will fail because the subdomain can no longer be resolved to an IP address.
Show all certificates to get the certificate name
    [root@server ~]# /root/certbot-auto certificates
    Found the following certs:
      Certificate Name: example.com
        Domains: example.com www.example.com subdomain.example.com
        Expiry Date: 2019-11-01 06:13:53+00:00 (INVALID: EXPIRED)
        Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
Update the certificate without the subdomain
    [root@server ~]# /root/certbot-auto --cert-name example.com -d example.com -d www.example.com
    How would you like to authenticate and install certificates?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: Apache Web Server plugin (apache)
    2: Nginx Web Server plugin (nginx)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
    Plugins selected: Authenticator nginx, Installer nginx
Confirm the changes to domains included on the certificate
    You are updating certificate example.com to include new domain(s):
    (None)
    You are also removing previously included domain(s):
    - subdomain.example.com
    Did you intend to make this change?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (U)pdate cert/(C)ancel: u
Show all certificates to check the new certificate has been installed
    [root@server ~]# /root/certbot-auto certificates
    Found the following certs:
      Certificate Name: example.com
        Domains: example.com www.example.com
        Expiry Date: 2020-03-09 09:24:23+00:00 (VALID: 89 days)
        Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
Restart Nginx webserver to use the new certificate
    [root@server ~]# service nginx restart
    Stopping nginx: [ OK ]
    Starting nginx: [ OK ]
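The first two steps above can be scripted so that stale names are found before a renewal fails. This is an added example, not part of the original page or of certbot: it parses the `certificates` output, checks each domain with a local lookup, and prints the update command with only the names that still resolve. The function names, the `RESOLVER` variable and the embedded sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find names on a certificate that no longer resolve and
# build the certbot command that reissues the certificate without them.

# Constructed sample of `certbot-auto certificates` output (same shape as on this page).
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com subdomain.example.com
    Expiry Date: 2019-11-01 06:13:53+00:00 (INVALID: EXPIRED)'

# cert_domains NAME: read `certificates` output on stdin, print NAME's domains, one per line.
cert_domains() {
    awk -v name="$1" '
        $1 == "Certificate" && $2 == "Name:" { current = $3 }
        $1 == "Domains:" && current == name {
            for (i = 2; i <= NF; i++) print $i
        }'
}

# resolves HOST: hypothetical default check using the local resolver.
# This approximates what the CA sees; it is not the ACME validation itself.
resolves() { getent hosts "$1" >/dev/null 2>&1; }
RESOLVER=${RESOLVER:-resolves}

# plan_update NAME: read `certificates` output on stdin and print the update
# command listing only domains that still resolve. Returns 1 if none resolve.
plan_update() {
    name=$1
    keep=""
    for d in $(cert_domains "$name"); do
        if "$RESOLVER" "$d"; then
            keep="$keep -d $d"
        else
            echo "stale: $d does not resolve" >&2
        fi
    done
    [ -n "$keep" ] || return 1
    echo "/root/certbot-auto --cert-name $name$keep"
}

# Usage on the server, after sourcing this file:
#   /root/certbot-auto certificates | plan_update example.com
```

The script only prints the command; review the domain list before running it, since certbot will still ask for confirmation of the removed names.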