Add option to ignore extra domains in existing and valid certificates #351

New Issue

adam · 2025-12-29T01:23:33+01:00

adam commented

2025-12-29 01:23:33 +01:00

Originally created by @bzed on GitHub (May 16, 2018).

Please add an option to allow dehydrated to ignore the case when more than the configured domains are listed in an existing SAN cert while the cert is still valid.
This would help in various cases - like migrating domains to other hosts automatically while the old IP is still cached in DNS servers. You want to have some grace period before removing names from SAN certs in such cases.

Originally created by @bzed on GitHub (May 16, 2018). Please add an option to allow dehydrated to ignore the case when more than the configured domains are listed in an existing SAN cert while the cert is still valid. This would help in various cases - like migrating domains to other hosts automatically while the old IP is still cached in DNS servers. You want to have some grace period before removing names from SAN certs in such cases.

adam closed this issue

2025-12-29 01:23:33 +01:00

adam commented

2025-12-29 01:23:34 +01:00

@lukas2511 commented on GitHub (Dec 10, 2020):

If you ever get into this situation I'd recommend to simply not tell dehydrated to refresh those certificates for now. It would make the logic a bit harder to check for this and I don't really see much of a benefit.

@lukas2511 commented on GitHub (Dec 10, 2020): If you ever get into this situation I'd recommend to simply not tell dehydrated to refresh those certificates for now. It would make the logic a bit harder to check for this and I don't really see much of a benefit.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/dehydrated#351