On 2021-02-07, David Higgs <hig...@gmail.com> wrote: > acme-client: /etc/ssl/primary.example.com.crt: unknown SAN entry: > alternate.example.com > acme-client: bad exit: revokeproc(55821): 1 > > (My real domain is legitimate, and not example.com.) > > I recently decommissioned one of the aliases for my servers, but my nightly > acme-client run threw an error. Although I removed the alias from > acme-client.conf, it is obviously still present in my certificate and seems > to be confusing the renewal process. > > Does anyone know how to resolve this? I tried force-renewal (-F) without > success but haven't tried revoking yet. Is it possible to fix without > revocation? > > Thanks. > > --david >
Update to -current, or move /etc/ssl/primary.example.com.crt out the way.