114

I have multiple domains with multiple certificates:

    $ ll /etc/letsencrypt/live/
    > domain1.com
    > domain2.com
    > domain3.com
    > ...

I need to renew only domain1.com, but the command certbot renew renews certificates for all domains. How can I renew a certain certificate explicitly?

Genjo
e-info128

4 Answers

171

Renew a single certificate using renew with the --cert-name option.

(certonly creates a certificate for one or more domains, replacing it if it exists).

Example

    certbot renew --cert-name domain1.com --dry-run

Remove --dry-run to actually renew.


Cert-name != Domain name

Note that the value supplied to --cert-name option is a certificate name (not a domain name) found using

    certbot certificates

Returning a list like

-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: myfundomains.com
    Domains: myfundomains.com
    Expiry Date: 2018-05-04 04:28:05+00:00 (VALID: 67 days)
    Certificate Path: /etc/letsencrypt/live/myfundomains.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/myfundomains.com/privkey.pem
  Certificate Name: ask.myfundomain.com
    Domains: ask.myfundomain.com
    Expiry Date: 2018-03-13 18:59:40+00:00 (VALID: 16 days)
    Certificate Path: /etc/letsencrypt/live/ask.myfundomain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/ask.myfundomain.com/privkey.pem
  Certificate Name: forums.myfundomain.com
    Domains: forums.myfundomain.com forum.myfundomain.com
    Expiry Date: 2018-04-11 16:39:18+00:00 (VALID: 45 days)
    Certificate Path: /etc/letsencrypt/live/forums.myfundomain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/forums.myfundomain.com/privkey.pem
-------------------------------------------------------------------------------

Notice how the third Certificate name (forums.myfundomain.com) contains multiple domains:

  • forums.myfundomain.com
  • forum.myfundomain.com

Restart Apache / nginx

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/ask.myfundomain.com/fullchain.pem
-------------------------------------------------------------------------------

Remember to restart your webserver to make use of the new certificate.

Baker
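
The cert-name lookup described in the answer above, as an added example that is not part of the original answers: it reads a `certbot certificates` listing and prints the renew command for whichever certificate name covers a given domain. The helper names `cert_name_for_domain` and `renew_command` are hypothetical, and the embedded sample is abridged from the listing quoted in the answer.

```shell
#!/bin/sh
# Added example: resolve a domain to the certbot certificate name that covers it.

# Sample input, abridged from the `certbot certificates` listing in the answer.
sample_listing() {
cat <<'EOF'
Found the following certs:
  Certificate Name: myfundomains.com
    Domains: myfundomains.com
    Expiry Date: 2018-05-04 04:28:05+00:00 (VALID: 67 days)
  Certificate Name: forums.myfundomain.com
    Domains: forums.myfundomain.com forum.myfundomain.com
    Expiry Date: 2018-04-11 16:39:18+00:00 (VALID: 45 days)
EOF
}

# cert_name_for_domain DOMAIN  (hypothetical helper; the listing is read from stdin)
# Prints the certificate name whose Domains line holds DOMAIN as an exact entry.
# Returns 1 when no certificate covers the domain.
cert_name_for_domain() {
  awk -v want="$1" '
    /^[ \t]*Certificate Name:/ { name = $3 }
    /^[ \t]*Domains:/ {
      for (i = 2; i <= NF; i++)
        if (tolower($i) == tolower(want)) { print name; found = 1; exit }
    }
    END { exit !found }
  '
}

# renew_command DOMAIN  (hypothetical helper; the listing is read from stdin)
# Prints the dry-run renew command for the certificate covering DOMAIN.
renew_command() {
  cert=$(cert_name_for_domain "$1") || { echo "no certificate covers $1" >&2; return 1; }
  printf 'certbot renew --cert-name %s --dry-run\n' "$cert"
}

# With a domain argument, read the live listing; otherwise use the sample.
if [ "$#" -ge 1 ]; then
  certbot certificates | renew_command "$1"
else
  sample_listing | renew_command forum.myfundomain.com
fi
```

The comparison is per entry on the Domains line, so a domain that is only a substring of a listed name does not match.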
114

You can use this command (for Apache server):

    certbot --apache certonly -n -d domain1.com

  • --apache for the Apache server; use the --nginx flag for an nginx server
  • -n executes the command without prompting
  • -d domain1.com executes only for domain1.com

You can test with --dry-run, and you can use --pre-hook and --post-hook as with certbot renew.

Source: https://certbot.eff.org/docs/using.html#renewing-certificates

Arzhh
0

You can use this command on Nginx server

  1. Stop Nginx server

    sudo systemctl stop nginx

  2. Renew certbot

    sudo certbot certonly --force-renew -d domain1.com

  3. Start Nginx server

    sudo systemctl start nginx

  4. Check current certs

    sudo certbot certificates

Results:

    Found the following certs:
      Certificate Name: domain1.com
        Serial Number: 4564f55f3fe993964f8bbc65249a7ed4c91
        Key Type: RSA
        Domains: domain1.com
        Expiry Date: 2022-12-19 01:34:25+00:00 (VALID: 89 days)
        Certificate Path: /etc/letsencrypt/live/domain1.com/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/domain1.com/privkey.pem

lubrum
Tuan Le Anh
0

To add a new domain name, I wrote the -le-ssl file manually and ran the command below:

    sudo certbot -d domainname --expand

This was because automatic SSL file creation in Ubuntu 22 didn't work for me.

Kuhan