I have multiple domains with multiple certificates:
$ ll /etc/letsencrypt/live/ > domain1.com > domain2.com > domain3.com > ... I need to renew only domain1.com, but the command certbot renew renews certificates for all domains. How can I renew certain certificate explicitly?
2 Answers
Renew a single certificate using renew with the --cert-name option.
(certonly creates a certificate for one or more domains, replacing it if exists).
Example
certbot renew --cert-name domain1.com --dry-run Remove --dry-run to actually renew.
Cert-name != Domain name
Note that the value supplied to --cert-name option is a certificate name (not a domain name) found using
certbot certificates Returning a list like
------------------------------------------------------------------------------- Found the following certs: Certificate Name: myfundomains.com Domains: myfundomains.com Expiry Date: 2018-05-04 04:28:05+00:00 (VALID: 67 days) Certificate Path: /etc/letsencrypt/live/ Private Key Path: /etc/letsencrypt/live/ Certificate Name: ask.myfundomain.com Domains: ask.myfundomain.com Expiry Date: 2018-03-13 18:59:40+00:00 (VALID: 16 days) Certificate Path: /etc/letsencrypt/live/ Private Key Path: /etc/letsencrypt/live/ Certificate Name: forums.myfundomain.com Domains: forums.myfundomain.com forum.myfundomain.com Expiry Date: 2018-04-11 16:39:18+00:00 (VALID: 45 days) Certificate Path: /etc/letsencrypt/live/ Private Key Path: /etc/letsencrypt/live/ ------------------------------------------------------------------------------- Notice how the third Certificate name (forums.myfundomain.com) contains multiple domains:
- forums.myfundomains.com
- forum.myfundomains.com
Restart Apache / nginx
------------------------------------------------------------------------------- new certificate deployed without reload, fullchain is /etc/letsencrypt/live/ ------------------------------------------------------------------------------- Remember to restart your webserver to make use of the new certificate.
2You can use this command (for Apache server):
certbot --apache certonly -n -d domain1.com --apachefor apache server, use--nginxflag for nginx server-noption execute the command without prompt-d domain1.comto execute only for domain1.com
You can test with --dry-run, and you can use --pre-hook and --post-hook like with certbot renew