How to regenerate self-signed certs with FQDN?

Problem Description
Clients are refusing to allow exceptions for my self-signed certificate because the Common Name still shows the hostname for my system.

Steps to Reproduce

  1. Set up FreedomBox and register / configure domain name
  2. Harbour profound distrust of LetsEncrypt
  3. Configure ejabberd and test using JSXC
  4. Connect with Gajim and attempt to allow exception for invalid SSL certificate
  5. Dialog will continue to re-appear in cases where Common Name is mismatched. Gajim developers confirm this is a feature and not a bug.

Expected Results
I’m looking up how to use openssl to regenerate /etc/ejabberd/ejabberd.pem with the correct hostname.

I came to the forums to ask where else on FreedomBox I might find self-signed certificates with the old hostname, aside from the apps themselves?

Having a management panel for self-signed certificates in opposition to a panel for LetsEncrypt seems like it would be very helpful for this.

Actual results
I get an error with the following message:

Certificate not valid
In this case, the error does not go away. Closing the dialog via “x” refuses the connection.

Information

  • FreedomBox version: 22.15
  • Hardware: Raspberry Pi 4B
  • How did you install FreedomBox?: sudo apt install freedombox on a fresh Debian Bookworm

For anyone else who tried changing their FQDN through FreedomBox and didn’t set up LetsEncrypt, my solution was to edit the proper files before first boot.

/etc/hosts should have a line which begins with your public IP, followed by a space or a tab, your FQDN, another space or tab, and lastly your hostname.

/etc/hostname should be changed to reflect that hostname.

When I restarted my FreedomBox, the SSL cert had the proper domain name.

However, Plinth only showed the example.com portion, omitting the subdomain I included in the FQDN. This seems to be limited to Plinth.

1 Like
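
The following is an added example, not part of the original post or of FreedomBox: one way to generate a self-signed PEM whose Common Name and subjectAltName are the FQDN, and to list certificate files that still do not match it. It assumes OpenSSL 1.1.1 or later and that the target file holds the private key followed by the certificate; `xmpp.example.org`, the scratch output path and the function names are placeholders.

```bash
#!/usr/bin/env bash
# Added example. Assumptions: OpenSSL 1.1.1+ (for -addext); the PEM holds the
# private key followed by the certificate; xmpp.example.org is a placeholder.

# make_selfsigned_pem FQDN OUTFILE [DAYS]
# Self-signed cert with the FQDN as Common Name and as a DNS subjectAltName
# (current TLS clients match the name against the SAN, not only the CN).
make_selfsigned_pem() {
    local fqdn="$1" out="$2" days="${3:-365}" tmp
    tmp="$(mktemp -d)" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
        -subj "/CN=${fqdn}" -addext "subjectAltName=DNS:${fqdn}" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null \
        || { rm -rf "$tmp"; return 1; }
    # The output contains the private key: a newly created file is owner-only.
    ( umask 077; cat "$tmp/key.pem" "$tmp/cert.pem" > "$out" )
    rm -rf "$tmp"
}

# cert_cn PEM: print the certificate's Common Name.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# cert_matches_host PEM HOST: succeed only if the cert is valid for HOST.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# list_mismatched_certs HOST DIR...: print cert files that do not match HOST.
list_mismatched_certs() {
    local host="$1" f; shift
    find "$@" -type f \( -name '*.pem' -o -name '*.crt' \) 2>/dev/null |
    while IFS= read -r f; do
        openssl x509 -in "$f" -noout 2>/dev/null || continue  # no cert inside
        cert_matches_host "$f" "$host" || printf '%s\n' "$f"
    done
}

# Usage sketch (scratch path; inspect the result before replacing a live file):
#   make_selfsigned_pem xmpp.example.org /tmp/ejabberd-new.pem
#   cert_cn /tmp/ejabberd-new.pem
#   list_mismatched_certs xmpp.example.org /etc/ejabberd
```

Clients that already stored an exception for the old certificate will see a new fingerprint after the file is replaced and the service restarted, so the fingerprint should be compared out of band before accepting it.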