Re: py39-certbot-2.6.0,1
Date: Fri, 17 Nov 2023 21:45:02 UTC
> On Nov 17, 2023, at 10:45, Jon Radel <jon@radel.com> wrote:
>
> On Thu, 16 Nov 2023 21:30:51 -0800
> Doug Hardie <bc979@lafn.org> wrote:
>> Thanks to all who pointed me in the right direction. I still don't know where certbot keeps its info, but running:
>> sermons# certbot certonly --webroot --expand -d sermon-archive.info,sasaweb.net,steveandconnielarson.com,www.sasa-web.net,www.sermonarchive.info,www.steveandconnielarson.com
>> generated new certificates without any issues. So, I am assuming that my presumption that the deleted domain was the issue. I must not have run the above command before.
>
> Actually, that generated a new certificate, not certificates.
>
> It's somewhat odd, by general industry practice, to use the same certificate for all one's clients. Not only do you make your client list more visible than it really should be, but, as you've found, failures with one client risk rippling to other clients when something goes wrong.
>
> Current cert:
>
> CN = sermon-archive.info
> SAN = sasa-web.net
>       sermon-archive.info
>       steveandconnielarson.com
>       www.sasa-web.net
>       www.sermon-archive.info
>       www.steveandconnielarson.com
>
> The more common method:
>
> Cert 1:
> CN = www.sermon-archive.info
> SAN = sermon-archive.info
>       www.sermon-archive.info
>
> Cert 2:
> CN = www.steveandconnielarson.com
> SAN = steveandconnielarson.com
>       www.steveandconnielarson.com
>
> Cert 3:
> CN = www.sasa-web.net
> SAN = sasa-web.net
>       www.sasa-web.net

Thanks. I didn’t know that. However the web server doesn’t handle different certs for multiple clients. Hence I have to use the combined cert. I guess I’ll add multiple cert support to the server

— Doug
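Added example, not part of the thread and not code from either poster: a sketch of how the combined SAN list above could be split into one certbot request per client, following the per-client layout Jon describes. The webroot path is a placeholder, and using the site name as `--cert-name` is an assumption made here, since the thread gives neither.

```python
import shlex

# SAN list of the combined certificate, as listed in the message above.
COMBINED_SANS = [
    "sasa-web.net", "sermon-archive.info", "steveandconnielarson.com",
    "www.sasa-web.net", "www.sermon-archive.info",
    "www.steveandconnielarson.com",
]

# Assumption: placeholder webroot; the thread does not say where each site lives.
WEBROOT_TEMPLATE = "/path/to/webroot/{site}"


def normalize(name):
    """Lower-case a host name and drop whitespace and a trailing root dot."""
    return name.strip().lower().rstrip(".")


def site_of(name):
    """Map a host name to its client site by dropping a leading 'www.' label.
    Other subdomains are treated as sites of their own."""
    name = normalize(name)
    return name[4:] if name.startswith("www.") else name


def split_by_site(sans):
    """Group names per client site, de-duplicated, with the www name first."""
    groups = {}
    for raw in sans:
        name = normalize(raw)
        if name and name not in groups.setdefault(site_of(name), []):
            groups[site_of(name)].append(name)
    return {
        site: sorted(names, key=lambda n: (not n.startswith("www."), n))
        for site, names in sorted(groups.items())
    }


def certbot_commands(sans):
    """Build one 'certbot certonly --webroot' command line per client site."""
    commands = []
    for site, names in split_by_site(sans).items():
        argv = ["certbot", "certonly", "--webroot",
                "-w", WEBROOT_TEMPLATE.format(site=site),
                "--cert-name", site]  # assumption: lineage named after the site
        for name in names:
            argv += ["-d", name]
        commands.append(shlex.join(argv))
    return commands


if __name__ == "__main__":
    for line in certbot_commands(COMBINED_SANS):
        print(line)
```

Each resulting certificate then exposes only one client's names, and a validation failure for one site no longer blocks renewal for the others.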