Removing certifications from your certbot
So I recently was upgrading certificates on my web server, when one of the sites reported an error:
- The following errors were reported by the server:
Domain: xn--skulsvettvangurinn-nub8rmk.is
Type: connection
Detail: Connection refusedTo fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
The problem I was dealing with was that this domain was a part of four other domains in the cert, and only this one was not responding (for reasons I don't fully understand).
Anywho, I needed to remove the cert from the chain, so at least the other domains would respond, but it took me a while to find that answer, which was buried deep within the wilderness of the internet.
In order to remove (or add) a domain to a cert you need to run the certbot command again, with the --cert-name parameter, the domain name and then all the domains that need to remain in the chain plus the one being added. Like this:
certbot --cert-name xxxx.org -d xxxx.org -d aaaaa.org
Now the certbot will let me know what domains are going to be added and which will be removed.
Add new comment