From: "Jon Radel"
Subject: Re: py39-certbot-2.6.0,1
To: "Doug Hardie", questions@freebsd.org
Date: Fri, 17 Nov 2023 13:45:01 -0500
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

On Thu, 16 Nov 2023 21:30:51 -0800 Doug Hardie wrote:
> Thanks to all who pointed me in the right direction. I still don't
> know where certbot keeps its info, but running:
>
> sermons# certbot certonly --webroot --expand -d sermon-archive.info,sasaweb.net,steveandconnielarson.com,www.sasa-web.net,www.sermonarchive.info,www.steveandconnielarson.com
>
> generated new certificates without any issues. So, I am assuming
> that my presumption that the deleted domain was the issue. I must
> not have run the above command before.

Actually, that generated a new certificate, not certificates. It's somewhat odd, by general industry practice, to use the same certificate for all one's clients.
Not only do you make your client list more visible than it really should be, but, as you've found, failures with one client risk rippling to other clients when something goes wrong.

Current cert:

CN  = sermon-archive.info
SAN = sasa-web.net
      sermon-archive.info
      steveandconnielarson.com
      www.sasa-web.net
      www.sermon-archive.info
      www.steveandconnielarson.com

The more common method:

Cert 1:
CN  = www.sermon-archive.info
SAN = sermon-archive.info
      www.sermon-archive.info

Cert 2:
CN  = www.steveandconnielarson.com
SAN = steveandconnielarson.com
      www.steveandconnielarson.com

Cert 3:
CN  = www.sasa-web.net
SAN = sasa-web.net
      www.sasa-web.net

--Jon Radel
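
The per-client layout described in the message above, as an added example that is not part of the original post: it takes the SAN list of the shared certificate and prints one `certbot certonly --webroot` command per site, so each client gets its own certificate. The `plan_certs` helper and the rule that a site is a name with any leading `www.` removed are assumptions of this sketch; the commands are only printed, never run.

```shell
#!/bin/sh
# Added example: split the SAN list of one shared certificate into one
# certbot invocation per client site.
# Assumption: a "site" is the name with a leading "www." removed; this is
# not public-suffix aware, so review the grouping before using the output.

# Constructed input: the SAN names of the current shared certificate.
SHARED_SANS='sasa-web.net
sermon-archive.info
steveandconnielarson.com
www.sasa-web.net
www.sermon-archive.info
www.steveandconnielarson.com'

# plan_certs (hypothetical helper): read one DNS name per line on stdin and
# print one command per site, www name first to mirror the CN in the message.
plan_certs() {
    sed -e 's/[[:space:]]//g' -e '/^$/d' |
    tr 'A-Z' 'a-z' |
    awk '
        seen[$0]++ { next }                  # ignore duplicate names
        {
            site = $0
            sub(/^www\./, "", site)
            if (!(site in names)) order[++n] = site
            if ($0 ~ /^www\./)
                names[site] = $0 (names[site] == "" ? "" : "," names[site])
            else
                names[site] = (names[site] == "" ? "" : names[site] ",") $0
        }
        END {
            # --cert-name keeps each lineage separate under its site name.
            for (i = 1; i <= n; i++)
                printf "certbot certonly --webroot --cert-name %s -d %s\n",
                       order[i], names[order[i]]
        }'
}

# Print the plan for the shared certificate: three commands, one per client.
printf '%s\n' "$SHARED_SANS" | plan_certs
```

Each printed command covers exactly one client's names, so a validation failure for one domain no longer blocks issuance for the others, and no certificate lists another client's hostnames.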