So I decided to renew the SSL (my blog), and that meant a new CSR, which I created. Once the money business was dealt with, things did not go smoothly: although it verified OK, it then did not like some fields, so I reset my openssl.cnf and regenerated the file minus country, zone and town, which might be a criticism and makes SSL providers at the cheap end seem not interested in the concept of verification.
The www screws up Verisign too in the process:
postfix/smtpd: NOQUEUE: reject: RCPT from authmail1.verisign.com[188.8.131.52]: 554 5.7.1 <postmaster@www.*.tld>: Relay access denied; from=<*@*.com> to=<postmaster@*.tld> proto=ESMTP helo=<authmail1.verisign.com>
For contact emails I put not http://www.domain.tld but just domain.tld.
Having put a stop to the annoying CRM tracking emails with the money, I stopped my SSL renewal for a week, where I was then mail-bombed to death by the CRM software for not completing the order because the CSR was deemed bad by their back end. And SSL does not just mean HTTPS. It means TLS, and use in other applications; it's not a one-trick pony.
I wreck my second attempt as I want www. and .x.tld. Third time lucky: I get www and .tld in the certificate (www goes first). HTTPS is an install breeze, except my Firefox config security.tls.version.min then throws a hissy fit; I reset it (my blog). Oh well, easy come and easy go.
It takes a bit of time to replace the old cert with the new cert, less than before. I make a PEM for the mail store and point it to the right file, and Postfix does not like my efforts, but I copy the PEM to Postfix and that also seems to work. If it was just HTTP then sure, the process is easy, that is until I start on SSL configurations (my blog), and here I go from A+ back to a B in Qualys, due to OpenSSL issues with TLS, which is not my fault. Sigh.
I will cover the OpenSSL Apache issues later, in another post.