From: Doug Hardie
To: Jon Radel
Cc: questions@freebsd.org
Subject: Re: py39-certbot-2.6.0,1
Date: Fri, 17 Nov 2023 13:45:02 -0800
List-Id: User questions
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

> On Nov 17, 2023, at 10:45, Jon Radel wrote:
>
> On Thu, 16 Nov 2023 21:30:51 -0800
> Doug Hardie wrote:
>> Thanks to all who pointed me in the right direction.
>> I still don't know where certbot keeps its info, but running:
>> sermons# certbot certonly --webroot --expand -d sermon-archive.info,sasaweb.net,steveandconnielarson.com,www.sasa-web.net,www.sermonarchive.info,www.steveandconnielarson.com
>> generated new certificates without any issues. So, I am assuming that my presumption that the deleted domain was the issue. I must not have run the above command before.
>
> Actually, that generated a new certificate, not certificates.
>
> It's somewhat odd, by general industry practice, to use the same certificate for all one's clients. Not only do you make your client list more visible than it really should be, but, as you've found, failures with one client risk rippling to other clients when something goes wrong.
>
> Current cert:
>
> CN = sermon-archive.info
> SAN = sasa-web.net
>       sermon-archive.info
>       steveandconnielarson.com
>       www.sasa-web.net
>       www.sermon-archive.info
>       www.steveandconnielarson.com
>
> The more common method:
>
> Cert 1:
> CN = www.sermon-archive.info
> SAN = sermon-archive.info
>       www.sermon-archive.info
>
> Cert 2:
> CN = www.steveandconnielarson.com
> SAN = steveandconnielarson.com
>       www.steveandconnielarson.com
>
> Cert 3:
> CN = www.sasa-web.net
> SAN = sasa-web.net
>       www.sasa-web.net

Thanks. I didn’t know that. However, the web server doesn’t handle different certs for multiple clients. Hence I have to use the combined cert. I guess I’ll add multiple cert support to the server.

— Doug
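
Added example (not part of the original message, and not certbot's own code): a Python example that splits the combined SAN list quoted above into the one-certificate-per-site layout Jon describes, builds a certbot invocation for each site, and lists which other client sites the combined certificate discloses to a visitor of each site. The webroot path is a placeholder and using the site name as --cert-name is an assumption; the thread gives neither.

```python
import shlex

# Names from the combined certificate's SAN list quoted in the thread.
COMBINED_SAN = [
    "sasa-web.net", "sermon-archive.info", "steveandconnielarson.com",
    "www.sasa-web.net", "www.sermon-archive.info", "www.steveandconnielarson.com",
]
WEBROOT = "/path/to/webroot"  # placeholder: the thread does not give the webroot


def normalise(name):
    """Lower-case a DNS name and drop surrounding space and a trailing dot."""
    return name.strip().rstrip(".").lower()


def site_key(name):
    """Site a name belongs to: the name with one leading 'www.' label removed."""
    name = normalise(name)
    return name[4:] if name.startswith("www.") else name


def split_by_site(names):
    """Group names so each site gets its own certificate (www name first)."""
    groups = {}
    for raw in names:
        name = normalise(raw)
        if name:
            groups.setdefault(site_key(name), set()).add(name)
    www_first = lambda n: (not n.startswith("www."), n)
    return {s: sorted(m, key=www_first) for s, m in sorted(groups.items())}


def certbot_commands(names, webroot=WEBROOT):
    """One 'certbot certonly' argument list per site, one -d per name."""
    cmds = []
    for site, members in split_by_site(names).items():
        # Assumption: the site name doubles as the certificate name.
        cmd = ["certbot", "certonly", "--webroot", "-w", webroot,
               "--cert-name", site]
        for name in members:
            cmd += ["-d", name]
        cmds.append(cmd)
    return cmds


def co_disclosed(names):
    """For each site, the other sites readable from the combined certificate."""
    sites = sorted({site_key(n) for n in names if normalise(n)})
    return {s: [o for o in sites if o != s] for s in sites}


if __name__ == "__main__":
    for cmd in certbot_commands(COMBINED_SAN):
        print(shlex.join(cmd))
    for site, others in co_disclosed(COMBINED_SAN).items():
        print(f"{site}: combined cert also names {', '.join(others)}")
```

With per-site certificates the server has to pick the certificate by requested hostname, which is the multiple-cert support mentioned at the end of the message.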