Certbot wants to update my two machines at once

I have certificates for two different systems, but when I went to update one of them, it wants to update them for both machines.
An example from one machine is einsteinmedneuroscience.org. An example from another is wormatlas.org. Somehow, these two systems must have something in common, but what exactly?

Hi @mauricev

you may have copied the complete certbot subdirectory from one to the other server.

So both server have the same set of certificates -> renew.

What says

certbot certificates

on both servers?

From one server
Found the following certs:
Certificate Name: einsteinmedneuroscience.org
Domains: einsteinmedneuroscience.org behavioralcore.einsteinmedneuroscience.org calendar.einsteinmedneuroscience.org connexons.einsteinmedneuroscience.org ftp.einsteinmedneuroscience.org mysql.einsteinmedneuroscience.org www.einsteinmedneuroscience.org
Expiry Date: 2019-09-09 02:31:36+00:00 (VALID: 50 days)
Certificate Path: /etc/letsencrypt/live/einsteinmedneuroscience.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/einsteinmedneuroscience.org/privkey.pem


From the other server
Found the following certs:
Certificate Name: wormatlas.org
Domains: wormatlas.org ftp.wormatlas.org gfpworm.org mysql.wormimage.org wormimage.org www.gfpworm.org www.wormatlas.org www.wormimage.org
Expiry Date: 2019-07-26 04:09:41+00:00 (VALID: 5 days)
Certificate Path: /etc/letsencrypt/live/wormatlas.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/wormatlas.org/privkey.pem


I don’t know how the two got tangled. What can I do to get them independent certificates?

It’s not quite the same output for updating.
The first server says
1: einsteinmedneuroscience.org
2: behavioralcore.einsteinmedneuroscience.org
3: calendar.einsteinmedneuroscience.org
4: connexons.einsteinmedneuroscience.org
5: mysql.einsteinmedneuroscience.org
6: www.einsteinmedneuroscience.org
7: gfpworm.org
8: www.gfpworm.org
9: 45.63.20.54.vultr.com
10: 149.28.56.81.vultr.com
11: wormatlas.org
12: www.wormatlas.org
13: wormimage.org
14: www.wormimage.org
15: wormatlas.aecom.yu.edu
16: wormimage.aecom.yu.edu

The second server is different and correct
1: gfpworm.org
2: www.gfpworm.org
3: wormatlas.org
4: www.wormatlas.org
5: wormimage.org
6: mysql.wormimage.org
7: www.wormimage.org

I don’t even know where some of the entries are coming from for the first server:
9: 45.63.20.54.vultr.com
10: 149.28.56.81.vultr.com
15: wormatlas.aecom.yu.edu
16: wormimage.aecom.yu.edu
These were never registered, so it’s not clear how they got there.

Ah, now I see, you start certbot interactive, that's the list of domains.

But that's simple: Your ip addresses ( https://check-your-website.server-daten.de/?q=einsteinmedneuroscience.org ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
einsteinmedneuroscience.org A 149.28.56.81 Township of Piscataway/New Jersey/United States (US) - Choopa Hostname: 149.28.56.81.vultr.com yes 2 0
AAAA yes
www.einsteinmedneuroscience.org C einsteinmedneuroscience.org yes 1 0
A 149.28.56.81 Township of Piscataway/New Jersey/United States (US) - Choopa Hostname: 149.28.56.81.vultr.com yes

There is a correct defined vHost with 149.28.56.81.vultr.com as ServerName, so Certbot asks.

So ignore the problem, it's not really one.

Your certificate is correct.

CN=einsteinmedneuroscience.org
	11.06.2019
	09.09.2019
expires in 50 days	behavioralcore.einsteinmedneuroscience.org, 
calendar.einsteinmedneuroscience.org, connexons.einsteinmedneuroscience.org, 
einsteinmedneuroscience.org, ftp.einsteinmedneuroscience.org, mysql.einsteinmedneuroscience.org, 
www.einsteinmedneuroscience.org - 
7 entries

PS: Looks like you have changed your server and copied all older vHost definitions. So the not longer used 45.* vHost is copied too.

--

What's your general configuration?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


If you have root access, perhaps cleanup your vHosts.

Check your vHosts with

apachectl -S

and remove all not needed vHost (first, make a backup).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.