How to renew only one domain with certbot?
I have multiple domains with multiple certificates:
$ ll /etc/letsencrypt/live/
> domain1.com
> domain2.com
> domain3.com
> ...
I need to renew only domain1.com, but the command certbot renew renews certificates for all domains. How can I renew a certain certificate explicitly?
Solution 1:
Renew a single certificate using renew with the --cert-name option.
(certonly creates a certificate for one or more domains, replacing it if it exists).
Example
certbot renew --cert-name domain1.com --dry-run
Remove --dry-run to actually renew.
Cert-name != Domain name
Note that the value supplied to the --cert-name option is a certificate name (not a domain name) found using
certbot certificates
Returning a list like
-------------------------------------------------------------------------------
Found the following certs:
Certificate Name: myfundomains.com
Domains: myfundomains.com
Expiry Date: 2018-05-04 04:28:05+00:00 (VALID: 67 days)
Certificate Path: /etc/letsencrypt/live/myfundomains.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/myfundomains.com/privkey.pem
Certificate Name: ask.myfundomain.com
Domains: ask.myfundomain.com
Expiry Date: 2018-03-13 18:59:40+00:00 (VALID: 16 days)
Certificate Path: /etc/letsencrypt/live/ask.myfundomain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ask.myfundomain.com/privkey.pem
Certificate Name: forums.myfundomain.com
Domains: forums.myfundomain.com forum.myfundomain.com
Expiry Date: 2018-04-11 16:39:18+00:00 (VALID: 45 days)
Certificate Path: /etc/letsencrypt/live/forums.myfundomain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/forums.myfundomain.com/privkey.pem
-------------------------------------------------------------------------------
Notice how the third Certificate name (forums.myfundomain.com) contains multiple domains:
- forums.myfundomain.com
- forum.myfundomain.com
Restart Apache / nginx
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/ask.myfundomain.com/fullchain.pem
-------------------------------------------------------------------------------
Remember to restart your webserver to make use of the new certificate.
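The certificate-name lookup described in the answer above, as an added shell example that is not part of the original answer. The function names cert_name_for_domain and renew_command are hypothetical, and the sample listing is constructed in the format of the certbot certificates output shown above.

```shell
#!/bin/sh
# Added example: find which certificate name covers a given domain before
# running `certbot renew --cert-name ...`.

# Constructed sample in the layout printed by `certbot certificates`.
SAMPLE='Found the following certs:
  Certificate Name: myfundomains.com
    Domains: myfundomains.com
    Expiry Date: 2018-05-04 04:28:05+00:00 (VALID: 67 days)
    Certificate Path: /etc/letsencrypt/live/myfundomains.com/fullchain.pem
  Certificate Name: forums.myfundomain.com
    Domains: forums.myfundomain.com forum.myfundomain.com
    Expiry Date: 2018-04-11 16:39:18+00:00 (VALID: 45 days)
    Certificate Path: /etc/letsencrypt/live/forums.myfundomain.com/fullchain.pem'

# cert_name_for_domain DOMAIN   (hypothetical helper)
# Reads a `certbot certificates` listing on stdin and prints the name of each
# certificate whose Domains line lists DOMAIN as an exact entry.
cert_name_for_domain() {
    awk -v want="$1" '
        $1 == "Certificate" && $2 == "Name:" { name = $3; next }
        $1 == "Domains:" {
            for (i = 2; i <= NF; i++) if ($i == want) print name
        }'
}

# renew_command DOMAIN   (hypothetical helper)
# Prints the dry-run renew command for the one certificate covering DOMAIN.
# Fails when no certificate, or more than one, lists the domain, so the
# operator never renews the wrong lineage by guessing.
renew_command() {
    names=$(cert_name_for_domain "$1")
    count=$(printf '%s\n' "$names" | awk 'NF { c++ } END { print c + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one certificate for $1, found $count" >&2
        return 1
    fi
    echo "certbot renew --cert-name $names --dry-run"
}

# Demo on the constructed sample; on a real host pipe `certbot certificates`
# into renew_command instead.
printf '%s\n' "$SAMPLE" | renew_command forum.myfundomain.com
```

The lookup matches whole domain entries only, so a query for a name that merely resembles a listed domain returns nothing instead of a wrong certificate.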
Solution 2:
You can use this command (for Apache server):
certbot --apache certonly -n -d domain1.com
- --apache for Apache server, use the --nginx flag for nginx server
- -n option executes the command without prompt
- -d domain1.com to execute only for domain1.com
You can test with --dry-run, and you can use --pre-hook and --post-hook like with certbot renew
Source: https://certbot.eff.org/docs/using.html#renewing-certificates