Now do you see why I gave David a command to create the proper certificate under the correct name?
No? I don't? I don't care about the actual name of the cert. What difference does adding or removing mail.? Exactly, nothing.
where do I delete it?
Oh, really?
The way I see it: if David runs this command:
a new (and clean and functional) certificate will be created under frick.blog.
Then, the cruft:
can be safely removed.
Don't mind @Osiris and I. It wouldn't be a normal day if we didn't have a healthy debate about something.
Okay! Sorry, I did not know if those numbers were sensitive so I redacted them. The issue was for my mail server whereby I could correctly send emails, but not receive them as the mail servers try to send it to davidfrick.xyz, which no longer exists. I checked all my mail server configs, which appear correct so I am not too sure why davidfrick.xyz is even involved. My DNS records no longer point to that domain, etc. etc.
The reason is because you manually removed things rather than using certbot delete. See my post above about certbot update_symlinks to get started. That should fix your symlink woes. We're assuming you manually modified the live folder at some point.
Okay, that makes sense. I ran the delete certs command and got further. However, it says the fullchain + chain for mail.frick.blog does not match so I will run this command to reset it
certbot certonly --cert-name frick.blog --manual --preferred-challenges dns -d "frick.blog,www.frick.blog,mail.frick.blog,david.frick.blog,www.david.frick.blog" --keep
That will acquire a new certificate for you named frick.blog in certbot, which will be free from the broken certificates. Did you run certbot update_symlinks? Do that first.
The leftovers from those certs can be removed anyway? It's the old cert plus a few 001, 002, etc. extra certs.
That may not be as simple as that.
It depends heavily on the other services that are using an LE cert (which are tied to a specific path).
I did, no errors. Just mentioning saying a log file which contains no errors as far as I can tell. Is there a way to test that this is not good to go?
Hence replacing the certificate first. Keep up guys.
WHERE does it say that? Please, show us an actual error message, so we can debug what's really going on......
Please stop bickering about the name, some irrelevant errors and such. Can we please focus on the actual issue at hand?
Run:
certbot certificates
That will tell us if the live folder has been sanitized.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: frick.blog
Serial Number: 38977c9346be537358a23c4dee24b363b2a
Domains: frick.blog david.frick.blog mail.frick.blog www.david.frick.blog www.frick.blog
Expiry Date: 2021-03-06 21:49:37+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/frick.blog/fullchain.pem
Private Key Path: /etc/letsencrypt/live/frick.blog/privkey.pem
I think we are good to go.
Of course they don't match. There's a hardcoded cert file in live.
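The two live-folder problems raised in this thread (things removed by hand instead of with certbot delete, and a hardcoded cert file in live) can be checked for directly. The script below is an added example, not part of any post in the thread; it assumes certbot's standard layout, where each live/NAME/KIND.pem is a symlink into ../../archive/NAME/, and check_lineage is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audit one certbot lineage directory, e.g.
#   sh check_lineage.sh /etc/letsencrypt/live/frick.blog
# Assumption: live/NAME/KIND.pem -> ../../archive/NAME/KINDn.pem

# check_lineage LIVE_DIR
# Prints one line per problem; returns 0 when the directory is clean.
check_lineage() {
    live_dir=$1
    problems=0
    for kind in cert chain fullchain privkey; do
        f="$live_dir/$kind.pem"
        if [ -L "$f" ]; then
            target=$(readlink "$f")
            if [ ! -e "$f" ]; then
                # Symlink exists but the archive file behind it is gone.
                printf 'DANGLING   %s -> %s\n' "$f" "$target"
                problems=$((problems + 1))
            else
                case $target in
                    # Expected: .../archive/NAME/KIND<number>.pem
                    */archive/*/"$kind"[0-9]*.pem) ;;
                    *)
                        printf 'ODD-TARGET %s -> %s\n' "$f" "$target"
                        problems=$((problems + 1))
                        ;;
                esac
            fi
        elif [ -e "$f" ]; then
            # A regular file copied into live/: certbot will not rotate it.
            printf 'HARDCODED  %s is a regular file, not a symlink\n' "$f"
            problems=$((problems + 1))
        else
            printf 'MISSING    %s\n' "$f"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run against the directory given on the command line, if any.
[ "$#" -eq 0 ] || check_lineage "$1"
```
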
Beautiful!
That's what we wanted to see.
No it's not, just you...
Yes, it no longer exists:
nslookup -q=mx davidfrick.xyz
*** can't find davidfrick.xyz: Server failed
But why is anyone trying to email you at that domain name?
How is that related to the cert on this system?