Requested/Renewed TLS certificate not applied

[DavidePrincipi]

After TLS certificate renewal, the newly obtained certificate is not propagated to applications. They continue to use the previous certificate version.

ℹ️ This bug of Core 3.12.2 affects any application relying on the get-certificate helper command: Mail, NethVoice, NethVoice Proxy, Ejabberd.

Steps to reproduce

• Configure Mail as mail.example.org
• A TLS certificate from LE is obtained. It's configured as Requested in the TLS certificates page
• After some days the certificate is renewed

Expected behavior

Mail receives the new certificate and starts to present it to its clients.

Actual behavior

The get-certificate helper command fails.

2025-10-09T13:21:19-05:00 [1:mail1:get-certificate] Error retrieving certificate: too many values to unpack (expected 2) 

Components

• Core 3.12.2

See also

• https://community.nethserver.org/t/letsencrypt-node-certificate-renews-but-type-is-requested/26445

---

Thanks to macwunder

[DavidePrincipi]

In Testing: Core 3.12.3-dev.1

Test case

Check the bug is not reproducible. As alternative:

• Change the name of Mail to a new one, to issue a new certificate request
• Ensure the new certificate is correctly applied and is presented to mail clients

[mrmarkuz]

Test case verified