On Sun, Feb 7, 2021 at 4:49 PM Stuart Henderson <s...@spacehopper.org> wrote:
> On 2021-02-07, David Higgs <hig...@gmail.com> wrote: > > acme-client: /etc/ssl/primary.example.com.crt: unknown SAN entry: > > alternate.example.com > > acme-client: bad exit: revokeproc(55821): 1 > > > > (My real domain is legitimate, and not example.com.) > > > > I recently decommissioned one of the aliases for my servers, but my > nightly > > acme-client run threw an error. Although I removed the alias from > > acme-client.conf, it is obviously still present in my certificate and > seems > > to be confusing the renewal process. > > > > Does anyone know how to resolve this? I tried force-renewal (-F) without > > success but haven't tried revoking yet. Is it possible to fix without > > revocation? > > > > Thanks. > > > > --david > > > > Update to -current, or move /etc/ssl/primary.example.com.crt out the way. > For the archives: I moved the cert as suggested, manually ran my nightly script, and everything worked great. Thanks! --david
