root@server:~# bash -x /usr/local/directadmin/scripts/letsencrypt.sh request the.host.name
++ /usr/bin/id -u
+ MYUID=0
+ '[' 0 '!=' 0 ']'
+ export EXEC_PROPAGATION_TIMEOUT=300
+ EXEC_PROPAGATION_TIMEOUT=300
+ export EXEC_POLLING_INTERVAL=5
+ EXEC_POLLING_INTERVAL=5
+ LEGO=/usr/local/bin/lego
+ DNS_SERVER=8.8.8.8
+ DNS6_SERVER=2001:4860:4860::8888
+ NEW_IP=1.1.1.1
+ NEW6_IP=2606:4700:4700::1111
+ DA_IPV6=false
+ TASK_QUEUE=/usr/local/directadmin/data/task.queue.cb
+ LEGO_DATA_PATH=/usr/local/directadmin/data/.lego
+ '[' 2 -lt 2 ']'
+ '[' 2 -lt 3 ']'
+ KEY_SIZE=ec256
+ ECC_USED=true
+ ECC=secp384r1
+ KEY_SIZE=
+ '[' '' = secp384r1 ']'
+ '[' '' = prime256v1 ']'
+ '[' '' = 4096 ']'
+ '[' '' = 2048 ']'
+ '[' '' = 8192 ']'
+ ECC=prime256v1
+ KEY_SIZE=ec256
+ ECC_USED=true
+ DA_BIN=/usr/local/directadmin/directadmin
+ '[' '!' -s /usr/local/directadmin/directadmin ']'
+ '[' request = present ']'
+ '[' request = cleanup ']'
+ /usr/local/directadmin/directadmin c
+ grep -m1 -q '^ipv6=1$'
+ CURL=/usr/local/bin/curl
+ '[' '!' -x /usr/local/bin/curl ']'
+ DIG=/usr/bin/dig
+ '[' '!' -x /usr/bin/dig ']'
+ '[' '' = yes ']'
+ API_URI=acme-v02.api.letsencrypt.org
+ API=https://acme-v02.api.letsencrypt.org
+ CHALLENGETYPE=http
+ GENERAL_TIMEOUT=40
+ CURL_OPTIONS='--connect-timeout 40 -k --silent'
++ uname
+ OS=Linux
+ OPENSSL=/usr/bin/openssl
++ date +%s
+ TIMESTAMP=1603315621
++ /usr/local/directadmin/directadmin c
++ grep '^letsencrypt='
++ cut -d= -f2
+ LETSENCRYPT_OPTION=1
++ /usr/local/directadmin/directadmin c
++ grep '^secure_access_group='
++ cut -d= -f2
+ ACCESS_GROUP_OPTION=access
+ FILE_CHOWN=diradmin:mail
+ FILE_CHMOD=640
+ '[' access '!=' '' ']'
+ FILE_CHOWN=diradmin:access
+ '[' '!' -x /usr/local/bin/lego ']'
+ DOCUMENT_ROOT=
+ WELLKNOWN_PATH=/var/www/html/.well-known/acme-challenge
+ '[' '!' -z '' ']'
+ APPEND_SERVER='-s https://acme-v02.api.letsencrypt.org/directory'
++ hostname -f
+ SERVER_HOSTNAME=cana.itmate.net
+ '[' -z cana.itmate.net ']'
+ '[' '!' -s /usr/local/directadmin/data/users/admin/user.conf ']'
+ ADMIN_USERCONF=/usr/local/directadmin/data/users/admin/user.conf
+ '[' '!' -z /usr/local/directadmin/data/users/admin/user.conf ']'
+ '[' -s /usr/local/directadmin/data/users/admin/user.conf ']'
++ grep -m1 '^email=' /usr/local/directadmin/data/users/admin/user.conf
++ cut -d= -f2
++ cut -d, -f1
+ [email protected]
+ '[' -z [email protected] ']'
+ DOMAIN=the.host.name
+ '[' '' '!=' yes ']'
+ FOUNDDOMAIN=0
++ echo the.host.name
++ tr , ' '
+ for TDOMAIN in '`echo "${DOMAIN}" | tr '\'','\'' '\'' '\''`'
+ DOMAIN_NAME_FOUND=the.host.name
++ echo the.host.name
++ perl -p0 -e 's#\.#\\.#g'
+ DOMAIN_ESCAPED='the\.host\.name'
+ grep -m1 -q '^the\.host\.name:' /etc/virtual/domainowners
++ grep -m1 '^the\.host\.name:' /etc/virtual/domainowners
++ cut '-d ' -f2
+ USER=revive
+ HOSTNAME=0
+ FOUNDDOMAIN=1
+ break
+ '[' 1 -eq 0 ']'
+ CSR_CF_FILE=
+ DA_USERDIR=/usr/local/directadmin/data/users/revive
+ DA_CONFDIR=/usr/local/directadmin/conf
+ HOSTNAME_DIR=/var/www/html
+ '[' '!' -d /usr/local/directadmin/data/users/revive ']'
+ '[' '!' -d /usr/local/directadmin/conf ']'
+ '[' 0 -eq 0 ']'
+ DNSPROVIDER_FALLBACK=/usr/local/directadmin/data/users/revive/domains/the.host.name.dnsprovider
+ '[' -s /usr/local/directadmin/data/users/revive/domains/the.host.name.dnsprovider ']'
+ KEY=/usr/local/directadmin/data/users/revive/domains/the.host.name.key
+ CERT=/usr/local/directadmin/data/users/revive/domains/the.host.name.cert
+ CACERT=/usr/local/directadmin/data/users/revive/domains/the.host.name.cacert
+ '[' '' '!=' '' ']'
+ /usr/local/directadmin/directadmin c
+ grep -m1 -q '^letsencrypt=2$'
+ DOMAIN_DIR=/var/www/html
+ WELLKNOWN_PATH=/var/www/html/.well-known/acme-challenge
+ '[' -s /usr/local/directadmin/data/users/revive/domains/the.host.name.cert ']'
+ '[' request = renew ']'
+ '[' request = request ']'
+ echo the.host.name
+ grep -m1 -q ,
+ '[' -s '' ']'
+ '[' -s /usr/local/directadmin/data/users/revive/domains/the.host.name.cert ']'
+ /usr/bin/openssl x509 -text -noout -in /usr/local/directadmin/data/users/revive/domains/the.host.name.cert
+ grep -m1 -q 'Subject Alternative Name:'
++ /usr/bin/openssl x509 -text -noout -in /usr/local/directadmin/data/users/revive/domains/the.host.name.cert
++ grep -m1 'Subject Alternative Name:' -A1
++ grep DNS:
++ perl -p0 -e 's|DNS:||g'
++ tr -d ' '
+ DOMAIN=the.host.name
+ '[' '!' -e /var/www/html ']'
+ echo the.host.name
+ grep -m1 -q ,
+ DOMAINS=the.host.name
+ DOMAIN_FLAG='-d the.host.name'
+ FIRST_DOMAIN=the.host.name
+ CHALLENGETYPE=http
+ '[' -s /usr/local/directadmin/data/users/revive/domains/the.host.name.dnsprovider ']'
+ '[' '!' -z '' ']'
+ echo '-d the.host.name'
+ grep -m1 -q '*\.'
++ echo the.host.name
++ perl -p0 -e 's/,/ /g'
++ perl -p0 -e 's/^\*.//g'
+ for domain_name in '`echo ${DOMAIN} | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g"`'
+ caa_check the.host.name
+ CAA_OK=true
++ /usr/bin/dig @8.8.8.8 AAAA the.host.name +short
++ tail -n1
++ grep -v '\.$'
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
++ echo the.host.name
++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA host.name @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA host.name @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ CAA_OK=false
+ CAA_CURRENT=SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA the.host.name @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA the.host.name @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ CAA_OK=false
+ CAA_CURRENT=SERVFAIL
+ false
+ echo 'CAA record prevents issuing the certificate: SERVFAIL'
CAA record prevents issuing the certificate: SERVFAIL
+ exit 1
root@server:~#