How do I force certbot to issue my certificate for a new domain and not an old one?

@Osiris

Now do you see why I gave David a command to create the proper certificate under the correct name?

:grin:

1 Like

No? I don't? I don't care about the actual name of the cert. What difference does adding or removing mail. make? Exactly, nothing.

2 Likes

where do I delete it?

1 Like

@Osiris

Oh, really?

The way I see it: if David runs this command:

a new (and clean and functional) certificate will be created under frick.blog.

Then, the cruft:

can be safely removed.

@Frick-David

Don't mind @Osiris and me. It wouldn't be a normal day if we didn't have a healthy debate about something. :blush:

1 Like

Okay! Sorry, I did not know if those numbers were sensitive so I redacted them. The issue was for my mail server whereby I could correctly send emails, but not receive them as the mail servers try to send it to davidfrick.xyz, which no longer exists. I checked all my mail server configs, which appear correct so I am not too sure why davidfrick.xyz is even involved. My DNS records no longer point to that domain ..etc etc

2 Likes

The reason is because you manually removed things rather than using certbot delete. See my post above about certbot update_symlinks to get started. That should fix your symlink woes. We're assuming you manually modified the live folder at some point.

Okay, that makes sense. I ran the delete certs command and got further. However, it says the fullchain + chain for mail.frick.blog does not match so I will run this command to reset it

certbot certonly --cert-name frick.blog --manual --preferred-challenges dns -d "frick.blog,www.frick.blog,mail.frick.blog,david.frick.blog,www.david.frick.blog" --keep

1 Like

That will acquire a new certificate for you named frick.blog in certbot, which will be free from the broken certificates. Did you run certbot update_symlinks? Do that first.

The leftovers from those certs can be removed anyway? It's the old cert plus a few 001, 002, etc. extra certs..

1 Like

That may not be as simple as that.
It depends heavily on the other services that are using an LE cert (which are tied to a specific path).

1 Like

I did, no errors. Just mentioning saying a log file which contains no errors as far as I can tell. Is there a way to test that this is not good to go?

1 Like

Hence replacing the certificate first. Keep up guys.

1 Like

WHERE does it say that? Please, show us an actual error message, so we can debug what's really going on......

Please stop bickering about the name, some irrelevant errors and such. Can we please focus on the actual issue at hand?

2 Likes

Run:

certbot certificates

That will tell us if the live folder has been sanitized.

1 Like

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: frick.blog
Serial Number: 38977c9346be537358a23c4dee24b363b2a
Domains: frick.blog david.frick.blog mail.frick.blog www.david.frick.blog www.frick.blog
Expiry Date: 2021-03-06 21:49:37+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/frick.blog/fullchain.pem
Private Key Path: /etc/letsencrypt/live/frick.blog/privkey.pem


I think we are good to go.

2 Likes

Of course they don't match. There's a hardcoded cert file in live.

1 Like

Beautiful! :smiley:

That's what we wanted to see.

1 Like

No it's not, just you...

2 Likes

Yes, it no longer exists:

nslookup -q=mx davidfrick.xyz
*** can't find davidfrick.xyz: Server failed

But why is anyone trying to email you at that domain name?
How is that related to the cert on this system?

1 Like