We do need to use the serial file and to generate it ourselves

data/hooks/conf_regen/02-ssl

@@ -24,7 +24,7 @@ do_init_regen() {
 
   # initialize some files
   [[ -f "${ssl_dir}/serial" ]] \
-    || echo "00" > "${ssl_dir}/serial"
+    || openssl rand -hex 19 > "${ssl_dir}/serial"
   [[ -f "${ssl_dir}/index.txt" ]] \
     || touch "${ssl_dir}/index.txt"
 

data/templates/ssl/openssl.cnf

@@ -43,7 +43,7 @@ unique_subject	= no			# Set to 'no' to allow creation of
 new_certs_dir	= $dir/newcerts		# default place for new certs.
 
 certificate	= $dir/ca/cacert.pem 	# The CA certificate
-#serial		= $dir/serial 		# The current serial number
+serial		= $dir/serial 		# The current serial number
 #crlnumber	= $dir/crlnumber	# the current crl number
 					# must be commented out to leave a V1 CRL
 crl		= $dir/crl.pem 		# The current CRL

src/yunohost/tools.py

@@ -383,6 +383,8 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
     # Create SSL CA
     service_regen_conf(['ssl'], force=True)
     ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
+    # (Update the serial so that it's specific to this very instance)
+    os.system("openssl rand -hex 19 > %s/serial" % ssl_dir)
     commands = [
         'rm %s/index.txt' % ssl_dir,
         'touch %s/index.txt' % ssl_dir,