My CN and Alternate Name are different to the domain for which I generated the certificate, and this is causing an Android app to fail to connect to my site. The domain name being used is another domain which I own, which is hosted on the same server.
I use port 443 for SSL. This is forwarded on my router to the nginx host machine (a Proxmox Lubuntu VM).
I used this command to generate the cert:
That Subject Key Identifier is for ianmanning so it is odd to see that in a folder named for your richmond domain.
But, you did get several certs for richmond recently (below). It is far more likely something is wrong with your folder structure rather than a mis-issuance of this kind (far, far, more).
Can you show output of: sudo certbot certificates
Have you ever used a --deploy-hook with any of your certs? Perhaps one that still exists in the Certbot hook folder?
I don't know. Sometimes you post as itm1960 and sometimes as itm60. Maybe try posting as itm60 the same as when you started this thread? I am just guessing - this is unusual.
Oh sorry, I post from 2 different machines and I choose to use my GitHub ID to log in, but I haven't worked out how the authorisation is working, as the login seems to prompt me for a user ID each time I use that method.
There are other Certbot interactive options that lead to the same result. The --cert-name is just the folder name (or a profile name). Its name is not related to the domains in the cert. It could be --cert-name MyProdServer, for example.
We could look at the /etc/letsencrypt/archive/home.richmondtech.co.uk for the few prior issued certs under this profile name. We could dissect each one and put together the chain of events. I just don't know if it is worth the trouble.
Now, the one below is the most recently issued but note the folder name has -0001 in it. Certbot does that when the domain names in the cert request don't match the folder profile it would normally use.
So, what to do? I would issue a new cert for the original home.richmond profile like this
Certbot will ask about replacing it or expanding or something. Just reply as needed so that it uses just the richmond domain for this cert name / profile.
Further, I assume you don't reference the files in the -0001 folder so delete that.
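An added example, not part of the thread or of Certbot itself: a Python script that reads the text printed by `sudo certbot certificates` and flags the two situations described above, a lineage whose folder name is not among the domains in its cert and a numbered `-0001` style folder. The sample output is constructed with placeholder domains, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `certbot certificates`.
# Domains and dates are placeholders, not values from this thread.
SAMPLE = """\
Found the following certs:
  Certificate Name: home.example.org
    Domains: other.example.net
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 60 days)
    Certificate Path: /etc/letsencrypt/live/home.example.org/fullchain.pem
  Certificate Name: home.example.org-0001
    Domains: home.example.org
    Certificate Path: /etc/letsencrypt/live/home.example.org-0001/fullchain.pem
  Certificate Name: www.example.org
    Domains: www.example.org example.org
"""

def parse_lineages(text):
    """Return [(cert_name, [domains]), ...] in the order they are listed."""
    lineages = []
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Certificate Name":
            lineages.append((value.strip(), []))
        elif key == "Domains" and lineages:
            lineages[-1][1].extend(value.split())
    return lineages

def audit(text):
    """Return (cert_name, reason) pairs that deserve a manual look."""
    findings = []
    for name, domains in parse_lineages(text):
        # Strip the numeric suffix Certbot adds to a second folder.
        base = re.sub(r"-\d{4}$", "", name)
        if base != name:
            findings.append((name, "numbered duplicate of " + base))
        # Compare against the domains, ignoring a wildcard label.
        plain = [d[2:] if d.startswith("*.") else d for d in domains]
        if base not in plain:
            findings.append((name, "name not among domains: " + " ".join(domains)))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(name + ": " + reason)
```

A finding is a prompt to check which files nginx actually references, not an error in itself, since the cert name is only a label.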
That's the one for port 80. Do you have one for port 443 that refers to its own cert? Otherwise you'll get the default server block (which is probably richmond).
Or not if you don't use the hostname ianmanning.ddns.net directly in a browser. Dynamic DNS hostnames are often used as a CNAME in more "fancy" hostnames.
E.g.: fancy.example.com IN CNAME less.fancy.ddns.url.example.net
Clients would type in fancy.example.com in their browser, Google would use that URL et cetera, but in the DNS the IP address of less.fancy.ddns.url.example.net would be used.
In the above scenario no virtualhost for less.fancy.ddns.url.example.net would be required, nor a certificate for that hostname, as it's only used for DNS purposes.
But if you do use the ianmanning.ddns.net hostname directly in browsers or other clients, then you'd want to have an HTTPS port 443 virtualhost for that hostname too.
Right now I don't use ianmanning.ddns.net directly in a browser, although I may do in the future. I guess I would only need to "clean up" the SSL cert as and when that time comes?
Euh, what do you mean by "clean up the cert"? Because the certificate looks fine in your last certbot certificates output. If you want to use ianmanning.ddns.net in the future, you need to add an HTTPS vhost for it in your nginx configuration. Not "clean up the cert".