I have a mail server with SOGo as my webmail. I have three separate domains pointing to the server with one single virtual host as a catchall. When I initially configured the server I only had one domain: mail.familymattersliving.com. I later added additional domains (listed below) but I ran certbot as if they were independent. When I realized the mistake I ran certbot again attaching to the original cert. Now I have all of this:
$ sudo certbot -auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: autoconfig.securityguardcommand.com
Serial Number:
Key Type: RSA
Domains: autoconfig.securityguardcommand.com
Expiry Date: 2023-09-14 04:15:02+00:00 (VALID: 84 days)
Certificate Path: /etc/letsencrypt/live/autoconfig.securityguardcommand.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/autoconfig.securityguardcommand.com/privkey.pem
Certificate Name: existing-domain.com
Serial Number:
Key Type: RSA
Domains: mail.familymattersliving.com mail.mischasbeauty.com mail.securityguardcommand.com
Expiry Date: 2023-09-14 05:21:49+00:00 (VALID: 84 days)
Certificate Path: /etc/letsencrypt/live/existing-domain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/existing-domain.com/privkey.pem
Certificate Name: mail.familymattersliving.com
Serial Number:
Key Type: RSA
Domains: mail.familymattersliving.com
Expiry Date: 2023-09-09 04:47:56+00:00 (VALID: 79 days)
Certificate Path: /etc/letsencrypt/live/mail.familymattersliving.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mail.familymattersliving.com/privkey.pem
Certificate Name: mail.securityguardcommand.com
Serial Number:
Key Type: RSA
Domains: mail.securityguardcommand.com
Expiry Date: 2023-09-14 02:36:14+00:00 (VALID: 83 days)
Certificate Path: /etc/letsencrypt/live/mail.securityguardcommand.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mail.securityguardcommand.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
How do I purge all certs so I can start over and clean this mess up?
I cannot find any reference in NGINX virtual host file to any of these certs.
When I go to mail.familymattersliving.com the SSL works perfectly. But when I go to any of the other domains, I get a message stating that the cert being used was issued to mail.familymatters.com and is not valid.
|Common Name (CN)|mail.familymattersliving.com|
|---|---|
|Organization (O)|<Not Part Of Certificate>|
|Organizational Unit (OU)|<Not Part Of Certificate>|
My domain is: mail.familymattersliving.com, mail.securityguardcommand.com, mail.mischasbeauty.com and also the following subdomains for each domain: autodiscover, autoconfigure.
My web server is (include version): NGINX
The operating system my web server runs on is (include version): Ubuntu 22.04
My hosting provider, if applicable, is: Serverpoint VPS
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): 1.21.0