Using Certbot to install an R3 Let's Encrypt certificate on an nginx webserver causes all the other domains in the nginx configuration to be included under "Subject Alternative Name" on the certificate. This is undesirable for my use case.
I read the man page here and some other Stack Exchange posts here and here.
Regarding the use of alternative names, the man page says (and I don't fully understand):
-d DOMAIN, --domains DOMAIN, --domain DOMAIN Domain names to apply. For multiple domains you can use multiple -d flags or enter a comma separated list of domains as a parameter. The first domain provided will be the subject CN of the certificate, and all domains will be Subject Alternative Names on the certificate. The first domain will also be used in some software user interfaces and as the file paths for the certificate and related material unless otherwise specified or you already have a certificate with the same name. In the case of a name collision it will append a number like 0001 to the file path name. (default: Ask)
How can I specify or omit the Subject Alternative Names entirely when using Certbot to install a Let's Encrypt certificate? If Certbot can't, is there a different way while still using R3 Let's Encrypt certificates?
You don't really want to omit the Subject Alternative Names. If you omit the SAN no modern browser will accept your certificates as valid. If you don't want all domains in one certificate, just create them separately.