icing / mod_md

Let's Encrypt (ACME) in Apache httpd
https://icing.github.io/mod_md/
Apache License 2.0

Additional (non-existent) domains being automatically added #335

Closed vanowm closed 5 months ago

vanowm commented 5 months ago

I have this in my apache config:

MDomain example.com anotherdomain.com.example.com

(just 2 domains) mod_md fails to renew the certificate because it can't verify anotherdomain.com - what???

In md/domains/example.com/md.json it has:

{
  "domains": [
    "example.com",
    "anotherdomain.com.example.com",
    "anotherdomain.com",
    "www.anotherdomain.com"
  ]
 ...
}

There is no anotherdomain.com anywhere in my configurations. I've tried deleting the md directory, but after an Apache restart it is still trying to renew certificates for anotherdomain.com

P.S. At some point in the past, I did have anotherdomain.com on the MDomain line, but after removing it, it is still being automatically added.

icing commented 5 months ago

The most likely cause of this is that you still have a ServerAlias anotherdomain.com somewhere in your Apache config files.

vanowm commented 5 months ago

I do have a VirtualHost set up for that domain:

<VirtualHost *:443>
  ServerName anotherdomain.com
  ServerAlias www.anotherdomain.com
  ServerAlias anotherdomain.com.example.com
 ...

It seems mod_md is picking these up, because removing these aliases fixes this issue. Perhaps there should be an option to ignore any aliases, since they could be only local, and let the user actually dictate which domains they want to use?

icing commented 5 months ago

There is MDMembers manual which should do what you want.

The problem then is of course that you'll get a certificate that is not valid for someone contacting your server using that alias. Therefore the auto default.
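The behaviour discussed in this thread can be checked before a renewal fails. The following is an added example, not part of the thread and not mod_md code: a simplified model, inferred from the md.json and VirtualHost shown above, of how names get pulled into a managed domain when any ServerName/ServerAlias of a VirtualHost matches an MDomain name. It assumes a single config text without Include files or wildcard names; `effective_domains` and the sample config are constructed for illustration.

```python
import re

# Constructed sample mirroring the configuration quoted in the thread.
SAMPLE_CONF = """
MDomain example.com anotherdomain.com.example.com

<VirtualHost *:443>
  ServerName anotherdomain.com
  ServerAlias www.anotherdomain.com
  ServerAlias anotherdomain.com.example.com
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*(?:ServerName|ServerAlias)\s+(.+?)\s*$", re.M | re.I)
MD_RE = re.compile(r"^\s*MDomain\s+(.+?)\s*$", re.M | re.I)
MANUAL_RE = re.compile(r"^\s*MDMembers\s+manual\b", re.M | re.I)


def vhost_names(conf):
    """Return one list of ServerName/ServerAlias names per <VirtualHost>."""
    hosts = []
    for body in VHOST_RE.findall(conf):
        names = []
        for value in NAME_RE.findall(body):
            names += [n.lower() for n in value.split()]
        hosts.append(names)
    return hosts


def effective_domains(conf):
    """Map each MDomain's first name to (configured, auto_added) lists."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)       # drop comment lines
    global_manual = bool(MANUAL_RE.search(conf))   # 'MDMembers manual'
    hosts = vhost_names(conf)
    result = {}
    for line in MD_RE.findall(conf):
        words = [w.lower() for w in line.split()]
        manual = global_manual or "manual" in words  # per-MDomain keyword
        configured = [w for w in words if w not in ("auto", "manual")]
        added = []
        if not manual:
            for names in hosts:
                # One shared name is enough to pull in the whole vhost.
                if set(names) & set(configured):
                    added += [n for n in names if n not in configured + added]
        result[configured[0]] = (configured, added)
    return result
```

Any name in the second list that does not resolve publicly to this server will fail ACME validation, which is the renewal failure reported above.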