I have certificates for two different systems, but when I went to update one of them, it wants to update them for both machines.
An example from one machine is einsteinmedneuroscience.org. An example from another is wormatlas.org. Somehow, these two systems must have something in common, but what exactly?
Hi @mauricev
you may have copied the complete certbot subdirectory from one to the other server.
So both server have the same set of certificates -> renew.
What says
certbot certificates
on both servers?
From one server
Found the following certs:
Certificate Name: einsteinmedneuroscience.org
Domains: einsteinmedneuroscience.org behavioralcore.einsteinmedneuroscience.org calendar.einsteinmedneuroscience.org connexons.einsteinmedneuroscience.org ftp.einsteinmedneuroscience.org mysql.einsteinmedneuroscience.org www.einsteinmedneuroscience.org
Expiry Date: 2019-09-09 02:31:36+00:00 (VALID: 50 days)
Certificate Path: /etc/letsencrypt/live/einsteinmedneuroscience.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/einsteinmedneuroscience.org/privkey.pem
From the other server
Found the following certs:
Certificate Name: wormatlas.org
Domains: wormatlas.org ftp.wormatlas.org gfpworm.org mysql.wormimage.org wormimage.org www.gfpworm.org www.wormatlas.org www.wormimage.org
Expiry Date: 2019-07-26 04:09:41+00:00 (VALID: 5 days)
Certificate Path: /etc/letsencrypt/live/wormatlas.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/wormatlas.org/privkey.pem
I don’t know how the two got tangled. What can I do to get them independent certificates?
It’s not quite the same output for updating.
The first server says
1: einsteinmedneuroscience.org
2: behavioralcore.einsteinmedneuroscience.org
3: calendar.einsteinmedneuroscience.org
4: connexons.einsteinmedneuroscience.org
5: mysql.einsteinmedneuroscience.org
6: www.einsteinmedneuroscience.org
7: gfpworm.org
8: www.gfpworm.org
9: 45.63.20.54.vultr.com
10: 149.28.56.81.vultr.com
11: wormatlas.org
12: www.wormatlas.org
13: wormimage.org
14: www.wormimage.org
15: wormatlas.aecom.yu.edu
16: wormimage.aecom.yu.edu
The second server is different and correct
1: gfpworm.org
2: www.gfpworm.org
3: wormatlas.org
4: www.wormatlas.org
5: wormimage.org
6: mysql.wormimage.org
7: www.wormimage.org
I don’t even know where some of the entries are coming from for the first server:
9: 45.63.20.54.vultr.com
10: 149.28.56.81.vultr.com
15: wormatlas.aecom.yu.edu
16: wormimage.aecom.yu.edu
These were never registered, so it’s not clear how they got there.
Ah, now I see, you start certbot interactive, that's the list of domains.
But that's simple: Your ip addresses ( https://check-your-website.server-daten.de/?q=einsteinmedneuroscience.org ):
Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
---|---|---|---|---|---|
einsteinmedneuroscience.org | A | 149.28.56.81 Township of Piscataway/New Jersey/United States (US) - Choopa Hostname: 149.28.56.81.vultr.com | yes | 2 | 0 |
AAAA | yes | ||||
www.einsteinmedneuroscience.org | C | einsteinmedneuroscience.org | yes | 1 | 0 |
A | 149.28.56.81 Township of Piscataway/New Jersey/United States (US) - Choopa Hostname: 149.28.56.81.vultr.com | yes |
There is a correct defined vHost with 149.28.56.81.vultr.com
as ServerName, so Certbot asks.
So ignore the problem, it's not really one.
Your certificate is correct.
CN=einsteinmedneuroscience.org
11.06.2019
09.09.2019
expires in 50 days behavioralcore.einsteinmedneuroscience.org,
calendar.einsteinmedneuroscience.org, connexons.einsteinmedneuroscience.org,
einsteinmedneuroscience.org, ftp.einsteinmedneuroscience.org, mysql.einsteinmedneuroscience.org,
www.einsteinmedneuroscience.org -
7 entries
PS: Looks like you have changed your server and copied all older vHost definitions. So the not longer used 45.* vHost is copied too.
--
What's your general configuration?
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
If you have root access, perhaps cleanup your vHosts.
Check your vHosts with
apachectl -S
and remove all not needed vHost (first, make a backup).
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.