How do I force certbot to issue my certificate for a new domain and not an old one?

My domain is: frick.blog. It was: davidfrick.xyz

I ran this command:

certbot --manual --preferred-challenges dns certonly \
    -d frick.blog
    ....
    (some other domains as well)

It produced this output: It reissued my certificate for my old domain name.
This is an issue because my mail server relies on that certificate and it seems people cannot email me back without issue because it then looks for davidfrick.xyz

My certbot version is: 1.4.0
I can run any other commands on my server as needed.

1 Like

Welcome to the Let's Encrypt Community, David 🙂

Read @Osiris's comments in the next post before trying the command I have given below.

certbot certonly --cert-name frick.blog --manual --preferred-challenges dns -d "frick.blog,www.frick.blog,mail.frick.blog,david.frick.blog,www.david.frick.blog" --keep

Keep in mind that this command (like your original command) will only acquire the certificate. It will not install the certificate.

Even when you didn't put that domain name on the command line? That shouldn't be happening. And I'm very much doubting it. Could you paste the complete command and its complete output?

Also, you haven't issued a certificate for both those domains in December. Last certs are from November 14 and 25. You already have one for david.frick.blog, frick.blog, mail.frick.blog, www.david.frick.blog and www.frick.blog. What's wrong with that one? Your SMTP server is already using that certificate on port 25. However, your SMTP daemon identifies itself as davidfrick.xyz? You should update your server to use the correct hostname too.

@griffin As I see you've included the other hostnames, you should also realise that he already has that certificate, right? So running your suggested command doesn't really help. It would probably only duplicate it, making it only more confusing.

1 Like
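The post above points out that the SMTP server is already presenting the Let's Encrypt certificate on port 25 and that the certificate details are public anyway. The following is an added example (not from the thread, and not certbot or Let's Encrypt tooling) for checking that from the outside: it fetches the certificate a mail server actually presents after STARTTLS, prints its subject, serial, expiry and SAN list, and checks whether the SAN list covers a given hostname. The hostname and port are assumptions; the self-signed certificate built by `make_sample_cert` is constructed purely so the checks can be exercised offline.

```shell
# Added example, not from the thread. Requires openssl 1.1.1 or newer
# (for -ext / -addext). Hostname/port are assumptions to replace.

# Print the PEM certificate presented by an SMTP server after STARTTLS.
# Usage: smtp_presented_cert mail.frick.blog 25 > presented.pem
smtp_presented_cert() {
    host="$1"; port="${2:-25}"
    openssl s_client -starttls smtp -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null | openssl x509
}

# Summarise a PEM certificate: subject, serial, expiry and SAN entries.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -serial -enddate -ext subjectAltName
}

# Return 0 if DNS:<name> is listed in the certificate's subjectAltName, else 1.
# Mail clients match the SAN list, not the CommonName, so this is the check
# that matters when a server "identifies itself" under a different hostname.
cert_covers_name() {
    pem="$1"; name="$2"
    openssl x509 -in "$pem" -noout -ext subjectAltName \
        | tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -qx "DNS:$name"
}

# Constructed self-signed certificate for offline demonstration; it stands in
# for the one a real server would present and is not a Let's Encrypt cert.
make_sample_cert() {
    out="$(mktemp -d)"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$out/key.pem" -out "$out/cert.pem" \
        -subj "/CN=mail.frick.blog" \
        -addext "subjectAltName=DNS:mail.frick.blog,DNS:frick.blog" >/dev/null 2>&1
    echo "$out/cert.pem"
}

# Demonstration against the constructed certificate. Against a live server:
#   smtp_presented_cert mail.frick.blog 25 > presented.pem
#   cert_summary presented.pem && cert_covers_name presented.pem mail.frick.blog
pem="$(make_sample_cert)"
cert_summary "$pem"
cert_covers_name "$pem" frick.blog && echo "frick.blog is covered"
cert_covers_name "$pem" davidfrick.xyz || echo "davidfrick.xyz is NOT covered"
rm -rf "$(dirname "$pem")"
```

If the live check shows the expected SAN list but clients still complain, the mismatch is in the daemon's configured hostname (the EHLO banner), not in the certificate.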

@Osiris

I wrote the command to put the certificate for the new domain name under its own certificate name to prevent confusion. With the --keep it may not do anything other than affirm. I pointed @Frick-David at your post to resolve the other issues first.

1 Like

That would leave him with two certificates in certbot, one called frick.box and the current mail.frick.box (I'm assuming, as that's the CommonName of the most recent cert).

I don't think getting more and more certificates is useful here. Your --keep won't do anything as you're also using --cert-name, which probably doesn't exist and would result in a double cert, increasing load on LE's systems et cetera.

1 Like

Correct. It would be far clearer to have the certificate (and common name) be frick.blog. This is purely a management thing and not a functionality thing.

1 Like

I would like to suggest getting to the bottom of the actual issue first, before we make it more confusing by duplicating identical certificates just to get the name different...

Also, as the SMTP daemon already uses the correct certificate, renaming the cert would also mean re-configuring all the services already using that certificate. Not worth the effort just for cosmetics IMHO.

1 Like

Hence why I added this:


You may be right. I'm not sure what "some other domains" are in the OP though. If they're all related, no problem. If not, well... I know 100% that the command I gave will put the correct domain names in a correctly-named certificate. Failsafe.

Okay, I will look into the SMTP server. I think it's linked to the correct cert. Odd...

1 Like

They are all some version of frick.blog.

1 Like

So my concern here is my certificate is in /etc/letsencrypt/live/mail.frick.blog/ ...

And both opensmtpd and dovecot point to that. I see no /etc/letsencrypt/live/davidfrick.xyz as I had gotten rid of it.

Do I need to tell letsencrypt to use the new certificate?
I am not sure where I went wrong?

1 Like

How about we take a look at what certs you have, what names they cover, and when they will expire?
Please show:
certbot certificates

2 Likes

And I'm not sure what the actual issue now really is... You have the certificate for your new domain already. Or is there something wrong with that one?

How is that a concern? Sounds pretty good to me.

2 Likes

Out of curiosity: did you reload your mailserver software after acquiring the new certificate?

1 Like

Sure, so it seems this might be the issue:
the command certbot certificates returns:

sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/davidfrick.xyz.conf produced an unexpected error: expected /etc/letsencrypt/live/davidfrick.xyz/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/mail.frick.blog-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/mail.frick.blog-0001/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/mail.frick.blog-0002.conf produced an unexpected error: expected /etc/letsencrypt/live/mail.frick.blog-0002/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/mail.frick.blog-0003.conf produced an unexpected error: expected /etc/letsencrypt/live/mail.frick.blog-0003/cert.pem to be a symlink. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: mail.frick.blog
    Serial Number: <removed>
    Domains: mail.frick.blog david.frick.blog frick.blog www.david.frick.blog www.frick.blog
    Expiry Date: <Not expired>
    Certificate Path: /etc/letsencrypt/live/mail.frick.blog/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/mail.frick.blog/privkey.pem

The following renewal configurations were invalid:
  /etc/letsencrypt/renewal/davidfrick.xyz.conf
  /etc/letsencrypt/renewal/mail.frick.blog-0001.conf
  /etc/letsencrypt/renewal/mail.frick.blog-0002.conf
  /etc/letsencrypt/renewal/mail.frick.blog-0003.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
So it does seem like something happened with copies of keys or something.
Is there a way to clean this up?
1 Like

Well, so if they are pointed at the right certs, I am not sure why the SMTP service is still using the old one per your comment. I did reload the services.

1 Like

Yeah! There are some serious problems shown there.
To clean this mess, it seems like any cert name, other than "mail.frick.blog", should be deleted.

1 Like

No point in redacting things...

1 Like

Maybe the symlinks are jumbled?

Yep.

Run:
certbot update_symlinks

Then run:
certbot certificates

If all is well at that point, reload your server software.

There's more cleaning up to do at that point...

1 Like

It looks like you've deleted stuff manually from the /live/ directory, can that be the case? If so, I'd like to advise using certbot delete --cert-name $name-of-cert

Now you have some left over files which weren't deleted, such as those renewal configuration files.

All Let's Encrypt certificates are sent to certificate transparency logs, so they are publicly known. Also, we can find out the serial number and expiration date by just connecting to one of the services, such as your SMTP server. No need to redact those.

I thought mail.frick.box is the new certificate? The hostname I mentioned was in the SMTP 250 EHLO header response, wasn't certificate related.

Can you please tell us what issue you're actually running into? Do you have an error message for us? Perhaps a screenshot of what the issue is?

2 Likes
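The `certbot certificates` output earlier in the thread, the `certbot update_symlinks` suggestion, and the post above about hand-deleted lineages all describe the same layout problem: certbot expects `live/<name>/*.pem` to be symlinks into `archive/<name>/`, and a renewal config in `renewal/` whose lineage was removed by hand is reported as invalid. The script below is an added example (not from the thread, and not part of certbot) that audits a certbot tree offline for exactly those conditions, so a defender can see what is stale before running `certbot delete` or `update_symlinks`. The `renewal/`, `live/` and `archive/` layout is certbot's own; the sample tree built by `make_sample_tree` is constructed for this example and mirrors the lineage names from the thread.

```shell
# Added example, not from the thread or from certbot. POSIX sh.

# Print one BROKEN line per inconsistent lineage; return 0 if all are healthy.
# Usage: audit_certbot_tree /etc/letsencrypt   (needs read access to live/)
audit_certbot_tree() {
    root="${1:-/etc/letsencrypt}"
    bad=0
    for conf in "$root"/renewal/*.conf; do
        [ -e "$conf" ] || continue
        name="$(basename "$conf" .conf)"
        for f in cert chain fullchain privkey; do
            link="$root/live/$name/$f.pem"
            if [ ! -L "$link" ]; then
                echo "BROKEN $name: live/$name/$f.pem is not a symlink (lineage removed by hand? use 'certbot delete --cert-name $name')"
                bad=1
                break
            elif [ ! -e "$link" ]; then
                echo "BROKEN $name: live/$name/$f.pem is a dangling symlink (try 'certbot update_symlinks')"
                bad=1
                break
            fi
        done
    done
    # A lineage in live/ without a renewal config will never be renewed.
    for dir in "$root"/live/*/; do
        [ -d "$dir" ] || continue
        name="$(basename "$dir")"
        [ -e "$root/renewal/$name.conf" ] || { echo "BROKEN $name: live/$name has no renewal config"; bad=1; }
    done
    return "$bad"
}

# Constructed sample tree: one healthy lineage, one config whose lineage was
# deleted, and one lineage whose live/ file is a plain copy instead of a symlink.
make_sample_tree() {
    d="$(mktemp -d)"
    mkdir -p "$d/renewal" "$d/archive/mail.frick.blog" "$d/live/mail.frick.blog"
    for f in cert chain fullchain privkey; do
        echo "constructed $f" > "$d/archive/mail.frick.blog/${f}1.pem"
        ln -s "../../archive/mail.frick.blog/${f}1.pem" "$d/live/mail.frick.blog/$f.pem"
    done
    echo "[renewalparams]" > "$d/renewal/mail.frick.blog.conf"
    # stale config: live/ and archive/ removed by hand, config left behind
    echo "[renewalparams]" > "$d/renewal/davidfrick.xyz.conf"
    # half-deleted lineage: live/ holds a regular file, not a symlink
    mkdir -p "$d/live/mail.frick.blog-0001"
    echo "constructed copy" > "$d/live/mail.frick.blog-0001/cert.pem"
    echo "[renewalparams]" > "$d/renewal/mail.frick.blog-0001.conf"
    echo "$d"
}

# Demonstration on the constructed tree; for a real system run
#   audit_certbot_tree /etc/letsencrypt
sample="$(make_sample_tree)"
audit_certbot_tree "$sample" || echo "sample tree has problems, as expected"
rm -rf "$sample"
```

Run against a real tree, the lines that name a missing symlink correspond to the "expected ... to be a symlink. Skipping." messages from `certbot certificates`; the fix for a lineage you no longer want is `certbot delete --cert-name <name>` rather than removing directories by hand, which is what leaves the orphaned `renewal/*.conf` files behind.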