ACME.SH is a script for handling Let’s Encrypt SSL certificates, and it supports multiple domain certificates.
If you’re facing issues renewing a multi-domain certificate with ACME.SH and one of the domains is no longer in use, you might want to consider the following steps:
Update ACME.SH
Ensure that you are using the latest version of ACME.SH. You can upgrade to the latest version using the following command:
acme.sh --upgrade
Remove Unnecessary Domains
If one of the domains is no longer in use and you don’t want to renew it, you can remove it from the certificate by running the following command:
acme.sh --remove -d olddomain.com
Renew the Certificate
After removing the unnecessary domain, attempt to renew the certificate for the remaining domains in the list.
The following is the general ACME.SH renewal command you can use:
acme.sh --renew -d example.com -d www.example.com -d cp.example.com
However, if the above command doesn’t work, you can define the installation mode based on the platform you’re using. For example:
- Renew for Standalone server
You may be required to add the --standalone option in the command as seen below:
acme.sh --renew --standalone -d example.com -d www.example.com -d cp.example.com -w /home/wwwroot/example.com
- Renew for Apache
You will need to add the --apache option in the command:
acme.sh --renew --apache -d example.com -d www.example.com -d cp.example.com
- Renew for Nginx
Add the --nginx option as seen below:
acme.sh --renew --nginx -d example.com -d www.example.com -d cp.example.com
Force Renewal
If you are still facing issues, you can try forcing the renewal with the --force option:
acme.sh --renew -d yourdomain.com --force
DNS ALIAS Configuration
If you’re using DNS ALIAS records, double-check that the DNS records for the active domains are still configured correctly.
You can add the --dns option when issuing the certificate to retrieve the TXT records you need for the DNS verification:
acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com
The output of the above command will be as seen below:
Add the following txt record:
Domain:_acme-challenge.example.com
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c
Add the following txt record:
Domain:_acme-challenge.www.example.com
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Please add those txt records to the domains. Waiting for the dns to take effect.
Now, all you have to do is to run the following command:
acme.sh --renew -d example.com
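Before running that renew, it is worth confirming that every requested TXT record is actually published, since a missing record makes the validation fail. The script below is an added example, not part of ACME.SH or of the original article: it parses output in the format shown above and compares each expected value with what a lookup returns. The function names, the LOOKUP hook and the sample tokens are assumptions of this example.

```shell
#!/bin/sh
# Added example: check manual-DNS challenge records before `acme.sh --renew`.
# Function names and the LOOKUP hook are assumptions of this example.

# Constructed sample in the output format shown above (tokens are made up).
SAMPLE_OUTPUT='Add the following txt record:
Domain:_acme-challenge.example.com
Txt value:CONSTRUCTED-TOKEN-AAAA
Add the following txt record:
Domain:_acme-challenge.www.example.com
Txt value:CONSTRUCTED-TOKEN-BBBB
Please add those txt records to the domains. Waiting for the dns to take effect.'

# Read saved acme.sh output on stdin; print one "name value" pair per line.
# Tolerates a log prefix before the label and quotes around the value.
parse_challenges() {
    awk -v q="'" '
        function clean(s) { gsub(q, "", s); gsub(/["\r]/, "", s); return s }
        /Domain:/ { sub(/^.*Domain:[ \t]*/, ""); name = clean($0); next }
        /[Tt][Xx][Tt] value:/ {
            sub(/^.*[Tt][Xx][Tt] value:[ \t]*/, "")
            if (name != "") print name, clean($0)
            name = ""
        }'
}

# Default lookup asks the configured resolver (needs network and dig).
lookup_txt() { dig +short TXT "$1" | tr -d '"'; }
LOOKUP=${LOOKUP:-lookup_txt}

# Compare expected pairs (stdin) with what $LOOKUP returns for each name.
# Prints one status line per record; returns 1 if any record is absent.
check_challenges() {
    rc=0
    while read -r name want; do
        if "$LOOKUP" "$name" </dev/null | grep -Fxq -- "$want"; then
            echo "OK       $name"
        else
            echo "MISSING  $name"
            rc=1
        fi
    done
    return "$rc"
}

# Offline demonstration: list what the sample output asks you to publish.
printf '%s\n' "$SAMPLE_OUTPUT" | parse_challenges
```

With real output, save it to a file first and run parse_challenges on that file piped into check_challenges; only proceed to the renew once every line reports OK.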
Check Logs
Review the logs for any specific error messages or warnings. The logs can provide valuable information about what might be going wrong:
cat /root/.acme.sh/*.log
Contact Support
If all else fails, consider reaching out to the ACME.SH community or support for assistance. They may be able to provide specific guidance based on the error messages you encounter.