Now that I need to renew the LE certificate… I run ./letsencrypt-auto renew
LE responds…
We were unable to find a vhost with a ServerName or Address of lists.bizzi-body.com.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
Choices: ['bizzi-body.com.conf | Multiple Names | | ', 'default-ssl.conf | | HTTPS | Enabled', '000-default.conf | | | Enabled', '000-default-le-ssl.conf | | HTTPS | Enabled', 'bizzi-body.com-le-ssl.conf | Multiple Names | HTTPS | Enabled']
(The best solution is to add ServerName or ServerAlias entries to the VirtualHost directives of your apache configuration files.). Skipping.
Reading through that my thoughts are that LE is still looking for lists.bzzi-body.com - so the question is …
If you “change the name” of a server computer you conceptually remove one server computer from service and create another server computer.
You have a certificate for a server computer that “doesn’t exist any more”. You probably shouldn’t try to renew that certificate. I fail to see how this could be accomplished.
My approach would be to request a brand new certificate for the “new server” you have just “created” (through the name change), using the name of the new server. Visitors to your “new” server will then be served a certificate valid for “the new server”. (Even if this is served from the same computer hardware.)
Then you basically have two choices for the “old” certificate. You could (1) just let it expire when it reaches it’s expiration date or you could (2) revoke the certificate.
Since the LE certificates have a pretty short validity time frame, I would most likely let the old expire and die out on it’s own. Unless you have some real requirement to invalidate the old certificate.
I have done this and had good and not so good outcome.
I ran ./letsencrypt-auto --apache -d bizzi-body.com
And received the message Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/bizzi-body.com-0001/fullchain.pem. Your cert will expire on 2016-07-28. To obtain a new version of the certificate in the future, simply run Let's Encrypt again.