Author: Jeremy Harris Date: To: exim-users Subject: Re: [exim] Certificate name mismatch over VPN
On 30/07/2021 22:40, Alain D D Williams via Exim-users wrote: > I do not think that I can do that here. The certificate is given to me by Let's
> Encrypt (le). Le verifies the (SNI) name by asking the agent to upload a nonce
> (a file with 86 random bytes) to where it can see it via a web server.
>
> Unfortunately mint-vpn.phcomp.co.uk should only be visible via the VPN so LE
> will not verify it and so not generate & sign a certificate that contains it.
Earlier you said you could generate a cert for mint-vpn.
Now you say you're using LE certs, and your problem is that
the public name visible to LE for their very step isn't the vpn one.