Something too subtle for me happened on 10/06/2021 when I renewed my certificate. Apparently everything went as expected. Browsers can access in a secure way.
My site is reached by many different modules with their libraries such ESP01, NodeMCU, ESP32... Most of them work fine, but in the particular case, for the ESP01, that uses the ESP8266 it started to fail.
I can assert that is something back-end related, as all this model started to fail since certificate renewal for different users. They suffered no updates or reboots and were automatically working for years in some cases.
So my guess is that something has changed in the way certificates are made lately as the renewal process didn't give me problems in the last years. But no idea.
I can point that trying exactly the same device, with the same library and firmware, but pointing to "www.google.com" instead of "circusofthings.com" works well.
When googling why works with some URLs while not with others, it get that this vendor is not supporting SNI feature... maybe it has something to see with some change with certbot?
Thanks in advance
My domain is: circusofthings.com
I ran this command:
sudo certbot certonly --force-renew -d circusofthings.com -d www.circusofthings.com
openssl pkcs12 -export -out /a/path/cot.pfx -inkey /etc/letsencrypt/live/circusofthings.com/privkey.pem -in /etc/letsencrypt/live/circusofthings.com/cert.pem -certfile
It produced this output:
My web server is (include version): Tomcat 126.96.36.199
The operating system my web server runs on is (include version): Ubuntu Server 16.04
My hosting provider, if applicable, is: hostinet.es
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot):