OS type and version: CentOS Linux 7.9.2009
Webmin version: 1.981
Virtualmin version: 6.17 Pro
Hi everyone,
My ongoing saga of Letsencrypt continues.
I have been experiencing a number of issues with Letsencrypt, as regular visitors might have read, but I think I am beginning to get, at least, somewhere.
The current issue/symptom I am trying to resolve is that whenever I try to set up an email account in Thunderbird (I have also tried other mail clients and other internet connections) I get a certificate error when trying to send email using domain.com. The error when I use Thunderbird “view certificate” is that the cert is for the wrong site. For clarity I will call that “BADdomain.com”. When I use any certificate testing services the domain.com tests out without error. I have also used a wildcard certificate on domain.com after trying the usual specified servers.
During my attempts to sort the server out I have tried many times to create/host/transfer various test domains including “BADdomain.com”.
If I run “openssl s_client -showcerts -connect 85.234.151.55:465” the report shows “BADdomain.com” being delivered as below:
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let’s Encrypt, CN = R3
verify return:1
depth=0 CN = BADdomain.com
verify return:1
CONNECTED(00000003)
Certificate chain
0 s:/CN=BADdomain.com
Server certificate
subject=/CN=BADdomain.com
issuer=/C=US/O=Let’s Encrypt/CN=R3
I have deleted the VS for BADdomain.com and set up DNS so that the domain no longer resolves to this server (self signed certificate) and allowed for and tested propagation.
Running “openssl s_client -showcerts -connect 85.234.151.55:465” the report stays the same.
In an attempt to remove ALL entries for that domain I found and deleted the entries under /etc/letsencrypt/archive & live & renewal.
Still the problem exists.
Running “openssl s_client -showcerts -connect 85.234.151.55:465” the report stays the same.
In desperation I deleted ALL entries in those three directories.
Still a problem and by now getting really peeved.
It is possible during my fight that I could have clicked the use as default link in the cert module for a domain but thought that would only affect the one domain. Might be wrong.
So I have a couple of questions:
1. Can I somehow delete ALL Letsencrypt entries and start again?
OR
2. How can I resolve this heinous issue?
All contributions welcome.
Thanks for reading.