Kyle Rankin  

When I set up this Mastodon instance a couple months ago I extended my existing kylerank.in cert and added the new subdomain as a SAN. Everything worked fine at the time, but apparently that made certbot change the Nginx config it uses for the .well-known directory, causing automatic renewal to fail.

I discovered this after the cert expired yesterday, but fortunately it was simple to fix, once the problem was clear. Something to watch out for if you add SANs to an existing cert.

#letsencrypt

1
James Mason

@kyle check out Caddy server (as a replacement for nginx). I've recently made similar changes in my self-hosted services, but Caddy handled it invisibly (and successfully of course). caddyserver.com/

· Web · 0 · 0 · 1
Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml