Re: [exim] Certificate name mismatch over VPN

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MAlain D D Williams at <-
MOlaf Hopp (SCC) at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Certificate name mismatch over VPN
On 30/07/2021 22:40, Alain D D Williams via Exim-users wrote:
> I do not think that I can do that here. The certificate is given to me by Let's
> Encrypt (le). Le verifies the (SNI) name by asking the agent to upload a nonce
> (a file with 86 random bytes) to where it can see it via a web server.
>
> Unfortunately mint-vpn.phcomp.co.uk should only be visible via the VPN so LE
> will not verify it and so not generate & sign a certificate that contains it.

Earlier you said you could generate a cert for mint-vpn.
Now you say you're using LE certs, and your problem is that
the public name visible to LE for their very step isn't the vpn one.

I'm confused.

--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Certificate name mismatch over VPNRe: [exim] 4.95-RC0 - SIGSEGV (maybe attempt to write to immutable memory) & other oddities->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)