Common name not first domain in list

hi

windows 10

C:>certbot certonly --test-cert --http-01-port 8888 -d mail.seafoodservice.by -d alt.seafoodservice.by,mailm.seafoodservice.by,mailv.seafoodservice.by,375333070021.dyndns.mts.by
Saving debug log to C:\Certbot\log\letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: C:\Certbot\renewal\mail.seafoodservice.by.conf)

What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the certificate (may be subject to CA rate limits)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for mail.seafoodservice.by and 4 more domains

Successfully received certificate.
Certificate is saved at: C:\Certbot\live\mail.seafoodservice.by\fullchain.pem
Key is saved at: C:\Certbot\live\mail.seafoodservice.by\privkey.pem
This certificate expires on 2023-07-11.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

C:>certbot certificates
Saving debug log to C:\Certbot\log\letsencrypt.log


Found the following certs:
Certificate Name: mail.seafoodservice.by
Serial Number: fa426ce634e62cb651b919d16ffba0e8cd11
Key Type: ECDSA
Domains: 375333070021.dyndns.mts.by alt.seafoodservice.by mail.seafoodservice.by mailm.seafoodservice.by mailv.seafoodservice.by
Expiry Date: 2023-07-11 05:50:11+00:00 (INVALID: TEST_CERT)
Certificate Path: C:\Certbot\live\mail.seafoodservice.by\fullchain.pem
Private Key Path: C:\Certbot\live\mail.seafoodservice.by\privkey.pem


C:>certbot --version
certbot 2.2.0

For multiple domains you can use multiple -d flags or enter a comma separated list of domains as a parameter. The first domain provided will be the subject CN of the certificate, and all domains will be Subject Alternative Names on the certificate.

Certificate Path: C:\Certbot\live\mail.seafoodservice.by\fullchain.pem:
CN = 375333070021.dyndns.mts.by

???

Regards
Alex

That piece of documentation is no longer accurate and has been removed in new versions.

But the old behaviour should be back soon, see Domain ordering not respected, unexpected certificate subject - #23 by jsha.

7 Likes

Thanks.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.