Koozali.org: home of the SME Server

Server 10 creating new certificates every day

Offline wbblythe

  • 2
  • +0/-0
Server 10 creating new certificates every day
« on: July 29, 2021, 06:24:48 PM »
Every morning between 03:00 and 03:30 SME is creating new certificates. The certificates say they are valid for a year but still get replaced every day.

This was server 9. Did a clean install of 10 and restored a usb backup at installation. Used the same media and procedure on our other server 9 and it does not have the issue.

I done a lot of searching and reading but most of the posts that address certificates are not for 10 and it looks like a lot of things are different in 10.

Any suggestions would be greatly appreciated.

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Server 10 creating new certificates every day
« Reply #1 on: July 30, 2021, 04:42:25 AM »
have you changed any hostname or domain on your server ?
if yes the certificate is regenerated.

also if you have internal or external ip changing then, it is regenerated.


Online TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: Server 10 creating new certificates every day
« Reply #2 on: July 30, 2021, 06:32:03 AM »
dynamic IP ?
--
qui scribit bis legit

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Server 10 creating new certificates every day
« Reply #3 on: July 31, 2021, 12:54:53 AM »
dynamic IP ?
most probably

will need to bug that and fix it. 
no external ip in alternative names if dynamic enabled unless forced. I ser some
provider leaving the same ip for months and it would not be an issue to have it


waiting OP to confirm.

Offline wbblythe

  • 2
  • +0/-0
Re: Server 10 creating new certificates every day
« Reply #4 on: July 31, 2021, 02:01:40 AM »
This is a static IP.

The name was changed. The IP address was not, however at one time this was a gateway and is now server only.

This is an old installation, upgraded through several versions and touched by others over the years. Perhaps it is not as clean as it should be.

It's only function is a mail server. One idea I had would be to do another clean installation and just restore users, passwords and email from the workstation backup. That is really all I need - everything else is so easy to configure. I have searched and read but I have not found what files I would need to restore to do that - if it is even possible.

I cannot thank both of you who have replied enough. I truly appreciate it and any advice you might have.

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Server 10 creating new certificates every day
« Reply #5 on: July 31, 2021, 03:23:49 AM »
is there ddclient contrib on it ?

and still even if as server now, is it a dynamic ip on your connexion?

scripts compares alternatives names and few other field to see if the certificate should be updated so i see only two options:
- the ip or domain or host have modified
- a non standard character is included and cut one field leading to this


Online TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: Server 10 creating new certificates every day
« Reply #6 on: July 31, 2021, 04:54:35 AM »
It's only function is a mail server. One idea I had would be to do another clean installation and just restore users, passwords and email from the workstation backup. That is really all I need - everything else is so easy to configure. I have searched and read but I have not found what files I would need to restore to do that - if it is even possible.

Yes doable, https://wiki.koozali.org/Lazy_Admin_Tools#Migrate_user_accounts_to_a_new_server
--
qui scribit bis legit