English
Chinese (Simplified)
French
German
Italian
Japanese
Russian
Spanish
Vietnamese
Detect and activate newer certificate feature
-
I'm testing the new version of Mdaemon specifically for the 'Automatically detect and activate newer certficates' feature.
I do have one question- on this particular server the certficates I want it to use are being stored in the WebHosting certificate store (as this is the default location where the ACME client dumps them). I can see that Mdaemon is only looking at the 'Personal' certificate store path. Is there any way to configure Mdaemon to look at both the WebHosting and Personal paths? Or at least look at the WebHosting path?
Worst case I can try to reconfigure the ACME client to store the certificates and renewals in the 'Personal' path- but then I'd also have to modify some other scripts I have running against those certs. So I'd prefer to just make a change in Mdaemon to look at that WebHosting path if possible.
By the way, I did look at the SSL settings in Mdaemon.ini and found what I thought would let me make the change. I modified 'CertStoreName=My' (which is the Personal path) and changed it to 'CertStoreName=WebHosting' then saved that change and restarted Mdaemon. However, after opening Mdaemon, I noticed it was still looking only at the Personal store. On top of that, it reverted the change I had made in Mdaemon.ini and put it back to 'CertStoreName=My'.
So there must be something else that is controlling that?
-
MDaemon does not currently let you configure where it looks for certificates. It looks in the local machine's "Personal" and "Trusted Root Certification Authorities" certificate stores. The code that detects and activates newer certificates only looks for a newer certificate if the current one is in either of the two certificate stores that MDaemon looks at. Looking in other places can be added to the wish list.
I did test attempting to change the ini setting and in my testing it did not get changed back, so something outside of MDaemon was reverting it for you.
-
Thank you for the clarification. For now I will reconfigure my ACME client and scripts to point to the 'Personal' certificate store. I would say it would be good to add the WebHosting store location, in addition to the Personal store, as a wish list item though. I'm certain others will run in to this same issue when trying to use this great new feature. I will have to verify, in a couple months when the ACME renewal runs again, that Mdaemon is picking up the new cert.
Speaking of which, what is the mechanism Mdaemon is using to detect and use a new cert automatically?
I ask because each new cert that is issued via the ACME process has a slightly different name and, obviously, hash. For example, the name of each cert is like this: "[IIS] MyDomainName, (any host) @ 2025/10/17" where the date field is updated at each renewal (so the cert for the next renewal would be named "[IIS] MyDomainName, (any host) @ 2025/12/17".
