DNS server /usr/local/directadmin/scripts/letsencrypt.sh

micheld

I use my own DNS servers and the DNS servers in the script do not work.
I change it, and by the next update it is back to Google and Cloudflare.

/usr/local/directadmin/scripts/letsencrypt.sh

Why does it not look at the server DNS settings in /etc/resolv.conf?

# Use Google DNS for external lookups
DNS_SERVER="8.8.8.8"
DNS6_SERVER="2001:4860:4860::8888"
# Fallback DNS server
NEW_IP="1.1.1.1"
NEW6_IP="2606:4700:4700::1111"
#NEW_IP=`cat /etc/resolv.conf |grep ^nameserver | grep -v 127.0.0.1 | head -n1 | cut -d\ -f2`
DA_IPV6=false
 
Why does it not look at the server DNS settings in /etc/resolv.conf?
/etc/resolv.conf might not always be configured correctly. Next to that, for LE to be used, your system must be able to be found by external DNS. So that's why the Letsencrypt script makes use of external DNS to check if your system is found and the LE request can be made.
That shouldn't be done locally.

It's no use changing the letsencrypt.sh file because on the next LE update it will be overwritten.

Do you have issues with LE using Google DNS?
 
You would expect that the resolv.conf should always be good.
Otherwise more functions on the server and scripts wouldn't work.

We have a strict hardware firewall that does not allow Google or Cloudflare DNS requests.
Every time after an update we get the message that the renewal of a certificate is not successful.
 
You would expect that the resolv.conf should always be good.
Yes, one would expect that; unfortunately that is not the case. I even had installs at some datacenters without any content in the resolv.conf file.

I don't see any point in blocking Google or Cloudflare requests; that's a limitation you cause yourself. Not something a lot of people would do.
So maybe you can get an exception rule for LE. Another method is to change letsencrypt.sh and commute it. However, you have to watch closely for updates of the script, because it can't be overwritten anymore then.

Last option is to send in a feature request via feedback.directadmin.com (you need a separate login) to ask if the letsencrypt.sh script could be adjusted to first use the /etc/resolv.conf entry and, if that does not work, switch to Google or Cloudflare.
 
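A sketch of the fallback order the feature request describes, as an added example (not DirectAdmin's letsencrypt.sh and not code posted in this thread): it takes the first non-loopback nameserver from a resolv.conf-style file and otherwise falls back to the public resolvers quoted from the script in the first post. The sample resolv.conf contents are constructed.

```shell
#!/bin/sh
# Added example: resolv.conf first, public resolver as fallback.
# Fallback values are the ones quoted from letsencrypt.sh in this thread.
FALLBACK_DNS="8.8.8.8"
FALLBACK6_DNS="2001:4860:4860::8888"

# pick_nameserver FILE [FAMILY]
#   FAMILY is 4 (default) or 6. Prints the chosen server on stdout.
#   Loopback entries (127.0.0.1, the systemd-resolved stub 127.0.0.53, ::1)
#   are skipped: a local stub says nothing about how the outside world
#   resolves the host, which is what the LE check needs.
pick_nameserver() {
    file=$1; family=${2:-4}
    if [ "$family" = 6 ]; then
        pattern='^nameserver[[:space:]]+[0-9a-fA-F:]*:[0-9a-fA-F:]*'
        skip='^::1$'
        fallback=$FALLBACK6_DNS
    else
        pattern='^nameserver[[:space:]]+[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'
        skip='^127\.'
        fallback=$FALLBACK_DNS
    fi
    # A missing or empty file simply yields the fallback.
    server=$(grep -E "$pattern" "$file" 2>/dev/null \
        | awk '{print $2}' \
        | grep -Ev "$skip" \
        | head -n1)
    printf '%s\n' "${server:-$fallback}"
}

# Demonstration on constructed resolv.conf contents (run with --demo).
demo() {
    tmp=$(mktemp)
    printf 'nameserver 127.0.0.53\nnameserver 192.0.2.53\nnameserver 2001:db8::53\n' > "$tmp"
    echo "stub + real servers -> $(pick_nameserver "$tmp") / $(pick_nameserver "$tmp" 6)"
    : > "$tmp"
    echo "empty resolv.conf   -> $(pick_nameserver "$tmp") / $(pick_nameserver "$tmp" 6)"
    rm -f "$tmp"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```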
If resolv.conf is not correct, you also have a non-working DirectAdmin license check. So I don't understand the added value of DNS in a script.

But other than that, I understand what you're saying and that I can do that.
And I will make a feature request, thanks for the tip.
 
So I don't understand the added value of DNS in a script.
It's for the check from outside to the server.
The resolv.conf is for the server to be able to do lookups from inside to outside.
However, I understand what you mean.

As for the tip, you're welcome.
Just to be sure, place the link to the feature request here, so people who read this thread and might want to support the request, can support it.
 