#1318 Multiple domain certificate for different services is not working

Reporter sven222
Owner Nobody
  • Type-Defect
  • Priority-Medium
  • Status-NeedInfo
  1. sven222 on

    What steps will reproduce the problem?

    1. I installed Prosody 0.11 on a raw Debian Stretch with documentation from homebreserver.club.
    2. In the old documentation, the certificate was fetched for all subdomains with one certbot call, like: "certbot certonly -d myserver.org -d proxy.myserver.org -d dump.myserver.org -d muc.myserver.org". Because of the bug I am trying to file, they changed to 4 separate calls of certbot, like:
       certbot certonly -d myserver.org
       certbot certonly -d muc.myserver.org
       . .
    3. After doing "prosodyctl --root cert import /etc/letsencrypt/live/ " I have some errors for the certificates in prosody.err and prosody.log. In the log they appear only if I change the level from info to debug beforehand.

    What is the expected output?

    Expected output is to import the certificates, if you have only one for the complete server.

    What do you see instead?

    I made a dump of prosody.err and prosody.log that you can check:
    dump.err: https://cloud.hardwarepunk.de/s/yteirYQ33xLPpWA
    dump.log: https://cloud.hardwarepunk.de/s/aZQBf9ptZMM77nn

    What version of the product are you using? On what operating system?

    0.11 on Debian Stretch (9)

    Please provide any additional information below.

  2. Zash on

    Thanks for the report. Currently prosodyctl only looks at filenames and not at the contents of certs. Doing deeper inspection for certificates with multiple names was on the TODO from the start, but this has not been completed yet.

    What is the output of the `cert import` command, and the names of the certificate files imported, if any? As you can see in the log, it looks for certs matching the parent domain of each component or host, so if "myserver.org" has a cert, that should be selected in this case.
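An added diagnostic sketch, not part of the thread and not Prosody's code: it models the name-only lookup described in the reply above (the host, then each parent domain) against a certbot-style directory, and uses `openssl x509 -checkhost` to show whether the certificate picked by name actually lists the host. The `<live>/<name>/fullchain.pem` layout and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example; a simplified model, not Prosody's implementation.
# Assumed layout: <live>/<name>/fullchain.pem (as written by certbot).

# find_by_name LIVE HOST
# Print the directory a name-only lookup would pick: HOST itself,
# then each parent domain. Returns 1 if no directory name matches.
find_by_name() {
    live=$1 name=$2
    while [ -n "$name" ]; do
        if [ -d "$live/$name" ]; then
            printf '%s\n' "$name"
            return 0
        fi
        case $name in
            *.*) name=${name#*.} ;;   # strip the leftmost label
            *)   return 1 ;;
        esac
    done
    return 1
}

# cert_covers PEM HOST
# Succeed only if the certificate's own names (SAN or CN) match HOST.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# report LIVE HOST...
# One line per host: which directory is picked by name, and whether
# the certificate inside really covers that host.
report() {
    live=$1; shift
    for host in "$@"; do
        if dir=$(find_by_name "$live" "$host"); then
            if cert_covers "$live/$dir/fullchain.pem" "$host"; then
                echo "$host: $dir (host is listed in the certificate)"
            else
                echo "$host: $dir (picked by name, certificate does not list $host)"
            fi
        else
            echo "$host: no directory named after the host or a parent domain"
        fi
    done
}
```

Run as `report /etc/letsencrypt/live myserver.org muc.myserver.org proxy.myserver.org` to see which hosts are matched by directory name alone and which certificates lack the host in their names.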

