Remove a Subdomain from Let’s Encrypt Certificate

If the Let’s Encrypt Certificate includes a subdomain that has been removed, renewing the certificate will fail as it can’t resolve the subdomain to an IP address.

Show all certificates to get the certificate name

[root@server ~]# /root/certbot-auto certificates
Found the following certs:
Certificate Name: example.com
Domains: example.com www.example.com subdomain.example.com
Expiry Date: 2019–11–01 06:13:53+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem

Update the certificate without the subdomain

[root@server ~]# /root/certbot-auto — cert-name example.com -d example.com -d www.example.com
How would you like to authenticate and install certificates?
- — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
1: Apache Web Server plugin (apache)
2: Nginx Web Server plugin (nginx)
- — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Select the appropriate number [1–2] then [enter] (press ‘c’ to cancel): 2
Plugins selected: Authenticator nginx, Installer nginx

Confirm the changes to domains included on the certificate

You are updating certificate example.com to include new domain(s):
(None)
You are also removing previously included domain(s):
- subdomain.example.com
Did you intend to make this change?
- — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
(U)pdate cert/(C)ancel: u

Show all certificates to check the new certificate has been installed

[root@server ~]# /root/certbot-auto certificates
Found the following certs:
Certificate Name: example.com
Domains: example.com www.example.com
Expiry Date: 2020–03–09 09:24:23+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem

Restart Nginx webserver to use the new certificate

[root@server ~]# service nginx restart
Stopping nginx: [ OK ]
Starting nginx: [ OK ]