Date: Fri, 17 Nov 2023 13:45:02 -0800 From: Doug Hardie <bc979@lafn.org> To: Jon Radel <jon@radel.com> Cc: questions@freebsd.org Subject: Re: py39-certbot-2.6.0,1 Message-ID: <3D6D10A6-7E9A-400D-A59D-21AD72C0B974@lafn.org> In-Reply-To: <web-3228057@radel.com> References: <web-3228057@radel.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Nov 17, 2023, at 10:45, Jon Radel <jon@radel.com> wrote: >=20 > =EF=BB=BFOn Thu, 16 Nov 2023 21:30:51 -0800 > Doug Hardie <bc979@lafn.org> wrote: >> Thanks to all who pointed me in the right direction. I still don't know w= here certbot keeps its info, but running: >> sermons# certbot certonly --webroot --expand -d sermon-archive.info,sasaw= eb.net,steveandconnielarson.com,www.sasa-web.net,www.sermonarchive.info,www.= steveandconnielarson.com >> generated new certificates without any issues. So, I am assuming that m= y presumption that the deleted domain was the issue. I must not have run th= e above command before. >=20 > Actually, that generated a new certificate, not certificates. >=20 > It's somewhat odd, by general industry practice, to use the same certifica= te for all one's clients. Not only do you make your client list more visibl= e than it really should be, but, as you've found, failures with one client r= isk rippling to other clients when something goes wrong. >=20 > Current cert: >=20 > CN =3D sermon-archive.info > SAN =3D sasa-web.net > sermon-archive.info > steveandconnielarson.com > www.sasa-web.net > www.sermon-archive.info > www.steveandconnielarson.com >=20 > The more common method: >=20 > Cert 1: > CN =3D www.sermon-archive.info > SAN =3D sermon-archive.info > www.sermon-archive.info >=20 > Cert 2: > CN =3D www.steveandconnielarson.com > SAN =3D steveandconnielarson.com > www.steveandconnielarson.com >=20 > Cert 3: > CN =3D www.sasa-web.net > SAN =3D sasa-web.net > www.sasa-web.net Thanks. I didn=E2=80=99t know that. However the web server doesn=E2=80=99t h= andle different certs for multiple clients. Hence I have to use the combined= cert. I guess I=E2=80=99ll add multiple cert support to the server=20 =E2=80=94 Doug=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D6D10A6-7E9A-400D-A59D-21AD72C0B974>