When I change the DNS names in a new cert for the same client, dehydrated issues a new cert but does not activate it #284

Closed
opened 2025-12-29 01:21:06 +01:00 by adam · 0 comments
Owner

Originally created by @bobykus on GitHub (Feb 20, 2018).

For example, I had an SSL cert for domain.com:

-rw------- 1 root root 3243 Feb 16 11:26 privkey-1518776816.pem
-rw------- 1 root root 1687 Feb 16 11:26 cert-1518776816.csr
-rw------- 1 root root 2175 Feb 16 11:26 cert-1518776816.pem
-rw------- 1 root root 1684 Feb 16 11:26 chain-1518776816.pem
-rw------- 1 root root 3859 Feb 16 11:27 fullchain-1518776816.pem
lrwxrwxrwx 1 root root 22 Feb 16 11:27 privkey.pem -> privkey-1518776816.pem
lrwxrwxrwx 1 root root 20 Feb 16 11:27 chain.pem -> chain-1518776816.pem
lrwxrwxrwx 1 root root 24 Feb 16 11:27 fullchain.pem -> fullchain-1518776816.pem
lrwxrwxrwx 1 root root 19 Feb 16 11:27 cert.csr -> cert-1518776816.csr
lrwxrwxrwx 1 root root 19 Feb 16 11:27 cert.pem -> cert-1518776816.pem

Then I requested a cert for two DNS names, domain.com and www.domain.com, by running

/usr/local/sbin/dehydrated --accept-terms --cron --config $UserHome/ssl.conf/$ServerName/.letsencrypt/config

and received it successfully

Processing domain.com with alternative names: www.domain.com

 + Checking domain name(s) of existing cert... changed!
 + Domain name(s) are not matching!
 + Names in old certificate: www.domain.com
 + Configured names: domain.com www.domain.com
 + Forcing renew.
 + Checking expire date of existing cert...
 + Valid till May 17 09:26:59 2018 GMT (Longer than 14 days). Ignoring because renew was forced!
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting authorization for domain.com...
 + Found valid authorization for domain.com
 + Requesting authorization for www.domain.com...
 + Found valid authorization for www.domain.com
 + 0 pending challenge(s)
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
 + Using cached chain!
 + Done!

but the old links remain even though the new cert is issued!

lrwxrwxrwx 1 root root 22 Feb 16 11:27 privkey.pem -> privkey-1518776816.pem
lrwxrwxrwx 1 root root 20 Feb 16 11:27 chain.pem -> chain-1518776816.pem
lrwxrwxrwx 1 root root 24 Feb 16 11:27 fullchain.pem -> fullchain-1518776816.pem
lrwxrwxrwx 1 root root 19 Feb 16 11:27 cert.csr -> cert-1518776816.csr
lrwxrwxrwx 1 root root 19 Feb 16 11:27 cert.pem -> cert-1518776816.pem
-rw------- 1 root root 3247 Feb 20 08:18 privkey-1519111116.pem
-rw------- 1 root root 1716 Feb 20 08:18 cert-1519111116.csr
-rw------- 1 root root 2204 Feb 20 08:18 cert-1519111116.pem
-rw------- 1 root root 1684 Feb 20 08:18 chain-1519111116.pem
-rw------- 1 root root 3888 Feb 20 08:18 fullchain-1519111116.pem

This leads to dehydrated repeatedly trying to renew the existing cert until it reaches the limit of 5 certs a week.
What am I doing wrong? How can I activate the new cert with dehydrated?

The config file looks like this:

BASEDIR=/somepath/domain.com
CERTDIR="/somepath/ssl.conf"
WELLKNOWN="${BASEDIR}/.well-known/acme-challenge"
ACCOUNTDIR="/somepath/ssl.conf/domain.com/accounts/"
DOMAINS_TXT="${ACCOUNTDIR}/domains.txt"
RENEW_DAYS="14"
ACCOUNT_KEY_RENEW="no"

domains.txt looks like

domain.com www.domain.com

adam closed this issue 2025-12-29 01:21:06 +01:00
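
A check for the state reported above, as an added example that is not part of the original issue or of dehydrated's own code: it lists the symlinks in a certificate directory that do not point at the newest timestamped file. It assumes the `<name>-<epoch>.<ext>` layout shown in the listings; the function names `newest_for` and `stale_links` are hypothetical.

```shell
#!/bin/sh
# Added example: detect symlinks that lag behind the newest timestamped file.
# Layout assumed from the issue's listing: cert-<epoch>.pem, cert.pem -> ...

# newest_for DIR PREFIX EXT: print basename of PREFIX-<largest epoch>.EXT
newest_for() {
    n_dir=$1; n_prefix=$2; n_ext=$3; best=""; best_ts=0
    for f in "$n_dir/$n_prefix"-*."$n_ext"; do
        # Only regular files count; skip unmatched globs and symlinks.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        name=${f##*/}
        ts=${name#"$n_prefix"-}; ts=${ts%."$n_ext"}
        # Ignore anything whose middle part is not a plain number.
        case $ts in ''|*[!0-9]*) continue ;; esac
        if [ "$ts" -gt "$best_ts" ]; then best_ts=$ts; best=$name; fi
    done
    printf '%s' "$best"
}

# stale_links DIR: one line per link that is missing or not on the newest file
stale_links() {
    s_dir=$1
    for spec in privkey:pem cert:csr cert:pem chain:pem fullchain:pem; do
        prefix=${spec%%:*}; ext=${spec##*:}
        link="$s_dir/$prefix.$ext"
        newest=$(newest_for "$s_dir" "$prefix" "$ext")
        [ -n "$newest" ] || continue
        if [ -L "$link" ]; then
            current=$(readlink "$link")
        else
            current="(missing)"
        fi
        [ "$current" = "$newest" ] ||
            printf '%s -> %s (newest: %s)\n' "$prefix.$ext" "$current" "$newest"
    done
}

# Usage: sh check_links.sh /path/to/certdir/domain.com
if [ "$#" -gt 0 ]; then stale_links "$1"; fi
```

Empty output means every link already targets the newest file; the script only reports and does not change any link.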
Reference: starred/dehydrated#284