On Sun, Feb 7, 2021 at 4:49 PM Stuart Henderson <s...@spacehopper.org> wrote:

> On 2021-02-07, David Higgs <hig...@gmail.com> wrote:
> >  acme-client: /etc/ssl/primary.example.com.crt: unknown SAN entry:
> > alternate.example.com
> > acme-client: bad exit: revokeproc(55821): 1
> >
> > (My real domain is legitimate, and not example.com.)
> >
> > I recently decommissioned one of the aliases for my servers, but my
> nightly
> > acme-client run threw an error.  Although I removed the alias from
> > acme-client.conf, it is obviously still present in my certificate and
> seems
> > to be confusing the renewal process.
> >
> > Does anyone know how to resolve this?  I tried force-renewal (-F) without
> > success but haven't tried revoking yet.  Is it possible to fix without
> > revocation?
> >
> > Thanks.
> >
> > --david
> >
>
> Update to -current, or move /etc/ssl/primary.example.com.crt out the way.
>

For the archives: I moved the cert as suggested, manually ran my nightly
script, and everything worked great.

Thanks!

--david

Reply via email to