Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: herwaarts.nl
I used the certbot to install my certificates on a virtual server with
And I could choose the ones I want https for. So I ticked all options.
when everything was finished and worked fine and I checked the certificate it turned out all certificates had a.com as domain.
The problem is that b.com is the domain I'm working with and a.com is a project with a friend that will move to an other server.
Can you explain that in more detail? Because certs often have a Common Name (CN) of one of the domains in the cert. But, the more important thing is the SANs (Subject Alternative Names) list of domains that the cert is valid for. Browsers check the SANs and not the CN
I can see your cert issued last month with various names.
Well I can not explain any more I'm sorry.
The commonName = globalemmet.com
is wrong... it must be herwaarts.nl.
certbot just gave a list of domains to put in the certificate and picked the first name from the list as the commonName without any notice.
So now if you check the certificate on herwaarts.nl it says globalemmet.com
Issued by E6
Which at least looks strange and unreliable for visitors.
Besides globalemmet.com will move in a while.
Maybe there is a way to remove everything and start over...
that would be ok to.
Can you be really clear on what it is you're using that cares about the CN field? It's been obsolete for many years.
If it's just that you don't want one certificate that lists all the names, because it implies some sort of relationship that shouldn't be public (to the rare person who dives into certificate details), then just get separate certificates for each name.
You can delete the certificate that you no longer want using: cerbot delete
Afterward you can request a new certificate that contains only the domains you want. Repeat the process for any additional certificates that you require.
Most people don't actually look at the certificate. And probably most that do will understand how a certificate anno 2024 works and that they should ignore the CN and look at the SAN extension.
I am inclined to believe that the amount of vistors who actually look at the content of a certificate, let alone even know how to do that, is so miniscule as to be largely irrelevant. I am still partial to using only hostnames that make sense to be seen together in the SAN field. That's more for my own satisfaction than anyone else's.
IMHO, itβs not the number of people but the (lack of) intelligence and experience of those who do. They often interpret the information wildly incorrectly, assume there is a scandal or malevolence involved, and start spouting conspiracy theories publicly and via support tickets.
Unless there is a transparent and obvious business relationship between domains, i no longer mix them in certificates. Instead I recycle the private keys across the certificates to minimize memory usage. (All certs issued on a day or week share the same key).
I was playing around with forcing the CN to be βall-powered-by.platform.comβ for some white label hosted stuff, but recycling keys worked well enough.
We dynamically load certs during the handshake, with multiple caching tiers for the cert/key data, so that optimization has a huge impact as compared to a server referencing certs on disk at startup.