I recently got an error during a certbot renewal:
Challenge failed for domain echo.fmarier.org
Failed to renew certificate jabber-gw.fmarier.org with error: Some challenges have failed.
The following renewals failed:
/etc/letsencrypt/live/jabber-gw.fmarier.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
due to the fact that I had removed the DNS entry for echo.fmarier.org.
I tried to find a way to remove that name from the certificate before renewing it, but it seems like the only way to do it is to create a new certificate without that alternative name.
First, I looked for the domains included in the certificate:
$ certbot certificates
...
Certificate Name: jabber-gw.fmarier.org
Serial Number: 31485424904a33fb2ab43ab174b4b146512
Key Type: RSA
Domains: jabber-gw.fmarier.org echo.fmarier.org fmarier.org
Expiry Date: 2022-01-04 05:28:57+00:00 (VALID: 29 days)
Certificate Path: /etc/letsencrypt/live/jabber-gw.fmarier.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/jabber-gw.fmarier.org/privkey.pem
Then, I deleted the existing certificate:
$ certbot delete --cert-name jabber-gw.fmarier.org
and finally created a new certificate with all other names except for the obsolete one:
$ certbot certonly -d jabber-gw.fmarier.org -d fmarier.org --duplicate
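The three steps above as a dry run, in an added shell example that is not from the original post: it parses `certbot certificates` output, drops one name and prints the commands instead of running them. The function names and the embedded sample are assumptions of this example; `stale_refs` lists server config files that still load files from the lineage's live directory, which `certbot delete` removes.

```shell
#!/bin/sh
# Added example: plan the reissue of a certbot lineage without one name.

# Constructed sample input, abridged from the listing in the post.
SAMPLE='Certificate Name: jabber-gw.fmarier.org
    Key Type: RSA
    Domains: jabber-gw.fmarier.org echo.fmarier.org fmarier.org
    Certificate Path: /etc/letsencrypt/live/jabber-gw.fmarier.org/fullchain.pem'

# cert_domains NAME: read `certbot certificates` output on stdin and print
# the domains of lineage NAME, one per line.
cert_domains() {
    awk -v name="$1" '
        $1 == "Certificate" && $2 == "Name:" { hit = ($3 == name) }
        hit && $1 == "Domains:" { for (i = 2; i <= NF; i++) print $i }'
}

# reissue_plan NAME OBSOLETE: read the same output on stdin and print the
# delete and certonly commands. Fails if OBSOLETE is not on the
# certificate or if no name would be left to issue for.
reissue_plan() {
    flags="" found=0
    for d in $(cert_domains "$1"); do
        if [ "$d" = "$2" ]; then found=1; else flags="$flags -d $d"; fi
    done
    if [ "$found" -eq 0 ] || [ -z "$flags" ]; then
        echo "refusing: $2 not on $1, or nothing left to issue" >&2
        return 1
    fi
    echo "certbot delete --cert-name $1"
    echo "certbot certonly$flags --duplicate"
}

# stale_refs NAME CONFDIR: list config files that still point into
# /etc/letsencrypt/live/NAME/. `certbot delete` removes that directory,
# so a server loading it fails its config test until the new
# certificate has been issued.
stale_refs() {
    grep -rlF "/etc/letsencrypt/live/$1/" "$2" 2>/dev/null || true
}

# Dry run on the sample: prints the two commands, runs nothing.
printf '%s\n' "$SAMPLE" | reissue_plan jabber-gw.fmarier.org echo.fmarier.org
```

On a real host, pipe `certbot certificates` into `reissue_plan` and point `stale_refs` at the web server's configuration directory before running the printed commands.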
certbot certificates
Found the following certs:
Certificate Name: www..org .
Domains: mail..org www..org xmpp..org
certbot delete www..org
usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
certbot delete --cert-name www..org
Are you sure you want to delete the above certificate(s)? (Y)es/(N)o: y
Deleted all files relating to certificate www..org
certbot certonly -d www..org -d mail..org --duplicate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/www..org/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory: