Date:      Fri, 17 Nov 2023 13:45:02 -0800
From:      Doug Hardie <bc979@lafn.org>
To:        Jon Radel <jon@radel.com>
Cc:        questions@freebsd.org
Subject:   Re: py39-certbot-2.6.0,1
Message-ID:  <3D6D10A6-7E9A-400D-A59D-21AD72C0B974@lafn.org>
In-Reply-To: <web-3228057@radel.com>
References:  <web-3228057@radel.com>



> On Nov 17, 2023, at 10:45, Jon Radel <jon@radel.com> wrote:
>
> On Thu, 16 Nov 2023 21:30:51 -0800
> Doug Hardie <bc979@lafn.org> wrote:
>> Thanks to all who pointed me in the right direction.  I still don't know where certbot keeps its info, but running:
>> sermons# certbot certonly --webroot --expand -d sermon-archive.info,sasaweb.net,steveandconnielarson.com,www.sasa-web.net,www.sermonarchive.info,www.steveandconnielarson.com
>> generated new certificates without any issues.   So, I am assuming that my presumption that the deleted domain was the issue.  I must not have run the above command before.
>
> Actually, that generated a new certificate, not certificates.
>
> It's somewhat odd, by general industry practice, to use the same certificate for all one's clients.  Not only do you make your client list more visible than it really should be, but, as you've found, failures with one client risk rippling to other clients when something goes wrong.
>
> Current cert:
>
> CN = sermon-archive.info
> SAN = sasa-web.net
>  sermon-archive.info
>  steveandconnielarson.com
>  www.sasa-web.net
>  www.sermon-archive.info
>  www.steveandconnielarson.com
>
> The more common method:
>
> Cert 1:
> CN = www.sermon-archive.info
> SAN = sermon-archive.info
>  www.sermon-archive.info
>
> Cert 2:
> CN = www.steveandconnielarson.com
> SAN = steveandconnielarson.com
>  www.steveandconnielarson.com
>
> Cert 3:
> CN = www.sasa-web.net
> SAN = sasa-web.net
>  www.sasa-web.net

Thanks. I didn’t know that. However the web server doesn’t handle different certs for multiple clients. Hence I have to use the combined cert. I guess I’ll add multiple cert support to the server.

— Doug
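
Added example (not part of the original messages): a small sh function that turns the shared SAN list into one `certbot certonly` command per site, following the "more common method" Jon describes. It assumes names differing only by a leading `www.` belong to the same site, reuses the `--webroot` form from the thread, and only prints the commands; the web server must be able to serve a separate certificate per site before they are useful.

```shell
#!/bin/sh
# Added example: split one shared SAN list into per-site certbot commands.
# Assumption: names that differ only by a leading "www." are the same site.

# split_san_list "name1,name2,..."
# Prints one "certbot certonly" command per site, sorted by site name.
# Nothing is executed; review the output before running any of it.
split_san_list() {
    printf '%s\n' "$1" | tr ',' '\n' | awk '
        NF == 0 { next }                      # skip empty entries
        {
            name = tolower($1)                # $1 also trims stray spaces
            site = name
            sub(/^www\./, "", site)           # grouping key: name without "www."
            if ((site, name) in seen) next    # ignore duplicate names
            seen[site, name] = 1
            if (site in names)
                names[site] = names[site] "," name
            else
                names[site] = name
        }
        END {
            for (site in names)
                printf "certbot certonly --webroot --cert-name %s -d %s\n",
                       site, names[site]
        }' | sort
}

# SAN list of the shared certificate quoted in the thread.
split_san_list "sasa-web.net,sermon-archive.info,steveandconnielarson.com,www.sasa-web.net,www.sermon-archive.info,www.steveandconnielarson.com"
```

Each printed command requests a certificate that names only one site, so a validation failure or a removed domain for one client no longer blocks renewal for the others.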


