Now I want to remove just one domain from this certificate, and it becomes complicated to understand how to do it. The best solution is to create a new certificate for each of my domains, and then to delete the original certname.

Let’s say my certname is called www.example.com and it contains the below domains:

• www.example.com
• example.com
• blog.example.com
• other-example.com
• www.other-example.com
• my-other-domain.com
• www.my-other-domain.com
• api.test.com

The one I don’t need anymore is *.my-other-domain.com.

First, we create a certificate individually for each domain that we want to keep:

certbot --apache --cert-name example.com -d example.com,www.example.com,blog.example.com
certbot --apache --cert-name other-example.com -d other-example.com,www.other-example.com
certbot --apache --cert-name test.com -d api.test.com

--cert-name permits to give our own name to the certificate, and -d indicates which domains should be added to this certificate.

Then we can list all our certificates:

certbot certificates

Using the above command you can find the Certificate Path and now we can delete our original certificate:

certbot revoke --cert-path /etc/letsencrypt/live/www.example.com/fullchain.pem

You’re all set! All your domains should still have a correct certificate, and you revoked the ones you don’t need anymore.