diff --git a/core/nginx/letsencrypt.py b/core/nginx/letsencrypt.py
index 9c998fe2..e636dac9 100755
--- a/core/nginx/letsencrypt.py
+++ b/core/nginx/letsencrypt.py
@@ -15,6 +15,7 @@ command = [
     "--cert-name", "mailu",
     "--preferred-challenges", "http", "--http-01-port", "8008",
     "--keep-until-expiring",
+    "--allow-subset-of-names",
     "--renew-with-new-domains",
     "--config-dir", "/certs/letsencrypt",
     "--post-hook", "/config.py"
@@ -28,6 +29,7 @@ command2 = [
     "--cert-name", "mailu-ecdsa",
     "--preferred-challenges", "http", "--http-01-port", "8008",
     "--keep-until-expiring",
+    "--allow-subset-of-names",
     "--key-type", "ecdsa",
     "--renew-with-new-domains",
     "--config-dir", "/certs/letsencrypt",
diff --git a/towncrier/newsfragments/2467.bugfix b/towncrier/newsfragments/2467.bugfix
new file mode 100644
index 00000000..66738a89
--- /dev/null
+++ b/towncrier/newsfragments/2467.bugfix
@@ -0,0 +1 @@
+Ensure that Mailu keeps working even if it can't obtain a certificate from letsencrypt for one of the HOSTNAMES