Hi All,

I've followed the guide as previously made available for adding LE to mail servers, and until today it's worked properly running the below from /opt/certbot

Code:
/certbot-auto auth --text --agree-tos --standalone --email postmaster@`hostname -d` -d `hostname -f` -d mail.domain1.co.uk -d mail.domain2.co.uk etc -d mail.newdomain.co.uk

I've tried to add a domain to the list by adding the domain on to the end, as has worked plenty of times before.

Now when I run the command I get

Code:
tls-sni-01 challenge for mail1.domain.tld
tls-sni-01 challenge for mail.domain1.co.uk
tls-sni-01 challenge for mail.domain2.co.uk
http-01 challenge for mail.newdomain.co.uk
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

I can see that it's doing an http-01 challenge for it, so I'm wondering if there is something I'm missing when the others are tls-sni-01.

Any advice please?
Are you running an http daemon on this server? To me, it looks as if it can not verify the cert because there is already a service running on port 80, so certbot cannot bind itself to that port.
Ok, so you're running apache there. Maybe for a webmail client or so? What you can do is to stop apache, use certbot, then start apache again. Or stop and disable apache completely, if you don't need it.
Ran service apache2 stop and re-ran the code; it's completed correctly. However, it is still doing the http-01 challenge for the new domain, rather than the tls-sni-01 of the pre-existing domains.
@till oh ok, but it's still doing the tls-sni-01 for the existing domains. I've just run the mail domain through SSL-Tools and it can't see the new certificate ... it's actually showing some that are not (shouldn't be) on the certificate anymore.
Did you restart postfix and dovecot after you created the new ssl cert? And did you check that the new ssl cert has the same name? Certbot tends to add 0001, 0002 etc. to the cert name, which means that you might have to adjust the symlinks in the /etc/postfix directory to point them to the correct cert.
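
The check suggested in the last reply, as an added example that is not part of the original thread: it finds the newest certbot lineage (the base name or its highest -NNNN sibling), tests whether a service symlink still resolves into it, and confirms the new domain is among the certificate's DNS names. The symlink path /etc/postfix/smtpd.cert and the function names are assumptions; /etc/letsencrypt/live is certbot's default live directory.

```shell
#!/bin/sh
# Added example. Paths are assumptions: certbot's default live directory is
# /etc/letsencrypt/live; the service-side symlink path is hypothetical.

# Print the newest lineage directory for BASE: BASE itself or the highest
# BASE-NNNN that certbot created beside it.
newest_lineage() {  # $1 = live dir, $2 = base certificate name
    for d in "$1/$2" "$1/$2"-[0-9][0-9][0-9][0-9]; do
        [ -d "$d" ] && printf '%s\n' "$d"
    done | LC_ALL=C sort | tail -n 1
}

# Succeed only if LINK resolves to the same file as FILE in the newest lineage.
link_is_current() {  # $1 = symlink, $2 = live dir, $3 = base name, $4 = file
    newest=$(newest_lineage "$2" "$3")
    [ -n "$newest" ] &&
        [ "$(readlink -f "$1")" = "$(readlink -f "$newest/$4")" ]
}

# Succeed only if the certificate lists DOMAIN as a subjectAltName DNS entry.
cert_has_name() {  # $1 = certificate file, $2 = domain
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# Report on one service symlink; returns non-zero if anything is stale.
check_mail_cert() {  # $1 = symlink, $2 = live dir, $3 = base name, $4 = domain
    if ! link_is_current "$1" "$2" "$3" fullchain.pem; then
        echo "STALE: $1 does not point at $(newest_lineage "$2" "$3")"
        return 1
    fi
    if ! cert_has_name "$1" "$4"; then
        echo "MISSING: $4 is not in the certificate behind $1"
        return 1
    fi
    echo "OK: $1 serves the newest certificate and it covers $4"
}

# Usage: sh check.sh /etc/postfix/smtpd.cert /etc/letsencrypt/live \
#            mail1.domain.tld mail.newdomain.co.uk
if [ "$#" -eq 4 ]; then check_mail_cert "$@"; fi
```

A STALE result means the symlink needs repointing at the lineage it names, followed by a restart of postfix and dovecot so they load the new file.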