Date:      Fri, 17 Nov 2023 13:45:01 -0500
From:      "Jon Radel" <jon@radel.com>
To:        "Doug Hardie" <bc979@lafn.org>, questions@freebsd.org
Subject:   Re: py39-certbot-2.6.0,1
Message-ID:  <web-3228057@radel.com>
In-Reply-To: <4F1E1950-5734-4586-A33A-6D2E92140763@sermon-archive.info>
References:  <E9299A1C-27B1-46CE-95B3-926AAEA56DF1@sermon-archive.info> <173e9c01-1e50-43ce-8acb-22a33f9603d4@gmail.com> <8D21AE27-BE70-4158-B198-4B06C7D4A981@sermon-archive.info> <75f4ef5a-e6cc-425f-8a07-9f5f95e4d8aa@nomadlogic.org> <6AA4AA77-A7FA-4290-A75B-14090F47F41F@sermon-archive.info> <4F1E1950-5734-4586-A33A-6D2E92140763@sermon-archive.info>

On Thu, 16 Nov 2023 21:30:51 -0800
  Doug Hardie <bc979@lafn.org> wrote:
> Thanks to all who pointed me in the right direction.  I still don't
> know where certbot keeps its info, but running:
>
> sermons# certbot certonly --webroot --expand -d sermon-archive.info,sasaweb.net,steveandconnielarson.com,www.sasa-web.net,www.sermonarchive.info,www.steveandconnielarson.com
>
> generated new certificates without any issues.   So, I am assuming
> that my presumption that the deleted domain was the issue.  I must
> not have run the above command before.

Actually, that generated a new certificate, not certificates.

It's somewhat odd, by general industry practice, to use the same 
certificate for all one's clients.  Not only do you make your client 
list more visible than it really should be, but, as you've found, 
failures with one client risk rippling to other clients when something 
goes wrong.

Current cert:

CN = sermon-archive.info
SAN = sasa-web.net
   sermon-archive.info
   steveandconnielarson.com
   www.sasa-web.net
   www.sermon-archive.info
   www.steveandconnielarson.com

The more common method:

Cert 1:
CN = www.sermon-archive.info
SAN = sermon-archive.info
   www.sermon-archive.info

Cert 2:
CN = www.steveandconnielarson.com
SAN = steveandconnielarson.com
   www.steveandconnielarson.com

Cert 3:
CN = www.sasa-web.net
SAN = sasa-web.net
   www.sasa-web.net

--Jon Radel
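
Added example, not part of the original message or of certbot itself: a small planner that splits the combined SAN list shown above into the per-site layout the message calls the more common method, and builds one certbot command line per site. The "strip a leading www." grouping rule and the /usr/local/www/<site> webroot paths are assumptions made for illustration.

```python
import shlex

# SAN list of the single combined certificate, as listed in the message.
COMBINED_SANS = [
    "sasa-web.net",
    "sermon-archive.info",
    "steveandconnielarson.com",
    "www.sasa-web.net",
    "www.sermon-archive.info",
    "www.steveandconnielarson.com",
]

def normalize(name):
    return name.strip().lower().rstrip(".")

def site_of(name):
    """Assumption: a client site is an apex name plus its www alias."""
    name = normalize(name)
    return name[4:] if name.startswith("www.") else name

def group_by_site(names):
    """Return {site: [hostnames]}, www name first (certbot uses the first
    -d value as the subject CN, matching the layout in the message)."""
    groups = {}
    for name in names:
        groups.setdefault(site_of(name), set()).add(normalize(name))
    return {
        site: sorted(members, key=lambda h: (not h.startswith("www."), h))
        for site, members in sorted(groups.items())
    }

def hypothetical_webroot(site):
    # Placeholder path; the real webroot directories are not in the message.
    return "/usr/local/www/" + site

def certbot_commands(names, webroot_for=hypothetical_webroot):
    """Build one 'certbot certonly --webroot' argv per site; nothing is run."""
    commands = []
    for site, members in group_by_site(names).items():
        argv = ["certbot", "certonly", "--webroot",
                "-w", webroot_for(site), "--cert-name", site]
        for host in members:
            argv += ["-d", host]
        commands.append(argv)
    return commands

if __name__ == "__main__":
    for argv in certbot_commands(COMBINED_SANS):
        print(shlex.join(argv))
```

Each resulting certificate names only one client's hostnames, so a validation failure for one site no longer blocks renewal for the others.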


