Froxlor Forum
  • 0

How to trigger renewal of certificate?


peterpan

Question

Hi,

I have a domain equipped with a certificate from LE. The cert is valid for another 2 months. Now I added a domain as an alias of the existing domain, but the certificate isn't updated to have the new domain as its SAN.

How do I trigger getting a new and updated certificate? Should I delete the existing one?

Thanks for helping out.

 

Peter


  • 0

 

It seems to work. When I add a domain as an alias, a new certificate is created. But the certificate is not good:
 

# openssl x509 -in  /etc/ssl/froxlor-custom/xxxxxxx.net.crt -text -noout
unable to load certificate
140135579193600:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1130:
140135579193600:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:290:Type=X509
140135579193600:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:../crypto/pem/pem_oth.c:33:

The content of the certificate is:

-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

which seems quite short.

 


  • 0

I found the following line in the output:

[Sun Sep 15 15:13:43 CEST 2019] Sign failed: "detail":"Error creating new cert :: too many certificates already issued for exact set of domains: xxxxxxx.ca,xxxxxxx.de,xxxxxxx.es,xxxxxxx.fr,xxxxxxx.it,xxxxxxx.net,xxxxxxx.nl,xxxxxxx.us,cron.xxxxxxx.net,webhook.xxxxxxx.net,www.xxxxxxx.ca,www.xxxxxxx.de,www.xxxxxxx.es,www.xxxxxxx.fr,www.xxxxxxx.it,www.xxxxxxx.net,www.xxxxxxx.nl,www.xxxxxxx.us: see https://letsencrypt.org/docs/rate-limits/"

As a result, I seem to get a faulty cert from LE, instead of no cert at all. Then, when restarting Apache, it fails with "Configuration failed".

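A pre-flight check for the situation described in the post above, where a failed issuance left an unparseable file in place and Apache then refused to start. This is an added example, not part of the original thread or of Froxlor; the function name check_cert and the script name check_cert.sh are assumptions, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: verify a certificate file before the web server is reloaded.
# Usage: check_cert.sh CERT_FILE NAME [NAME...]

# check_cert FILE NAME...
# Returns 0 if FILE parses as X.509, has not expired and lists every NAME
# as a DNS subjectAltName. Returns 1 (unparseable), 2 (expired) or
# 3 (a name is missing) otherwise.
check_cert() {
    crt=$1; shift

    # 1. The file must parse at all. This is the failure shown in the
    #    thread ("unable to load certificate").
    if ! openssl x509 -in "$crt" -noout 2>/dev/null; then
        echo "FAIL: $crt is not a parseable X.509 certificate" >&2
        return 1
    fi

    # 2. The certificate must not have expired already.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt has expired" >&2
        return 2
    fi

    # 3. Every expected name (e.g. a newly added alias) must be a DNS SAN.
    #    The SAN list is the line after the extension header in -text output.
    sans=$(openssl x509 -in "$crt" -noout -text |
           grep -A1 'Subject Alternative Name' | tail -n 1 |
           tr ',' '\n' | sed -n 's/^ *DNS://p')
    for name in "$@"; do
        if ! printf '%s\n' "$sans" | grep -Fqx -- "$name"; then
            echo "FAIL: $crt does not cover $name" >&2
            return 3
        fi
    done
    return 0
}

# Run the check only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    check_cert "$@"
fi
```

Running this before the web server is restarted, and keeping the previous certificate file when it returns non-zero, avoids swapping a working certificate for a broken one.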
