letsencrypt (2.0.16) certificate configured on user instead of server-wide.

dmtinc

Hi,

I have the following problem: the server hostname is mail.domain.tld and there exists a user account with the domain domain.tld. The user account doesn't have a subdomain with the name "mail", so with the last version of letsencrypt.sh, when the certificate for the server hostname is requested, the certificate is saved on the user account and not installed server-wide, but if I try with an old version of letsencrypt.sh it works OK.

This is a big problem in my case: as the certificate is configured at the user level, all the files related to the certificate aren't updated in the directadmin conf folder, including:

/usr/local/directadmin/conf/cacert.pem.creation_time

So the server was requesting a new certificate every day from March 21 (the date of the release of the last letsencrypt.sh?), so the certificate requests for the server are now rate limited (too many certificates for the same domain name).


Working version: https://files.directadmin.com/services/all/letsencrypt.sh.2.0.0
Not working version: 2.0.16 (I also tried with the script named 2.0.17 but it's the same result). But I really don't know in what version the problem started.

The hostname is configured fine in /usr/local/directadmin/conf/directadmin.conf
The hostname is configured fine in /etc/hostname
The hostname is configured fine in /etc/hosts
The hostname isn't present in /etc/virtual/domainowners
The hostname isn't present in /usr/local/directadmin/data/users/$user/domains.list
The hostname isn't present in /usr/local/directadmin/data/users/$user/domains/$domain.subdomains
All has been compiled again using custombuild (./build all d) and reconfigured (./build rewrite_confs)
There aren't pending package updates in yum


Latest version of DirectAdmin: 1.61.5
Installed version of DirectAdmin: 1.61.5

Latest version of LetsEncrypt: 2.0.16
Installed version of LetsEncrypt: 2.0.16

Latest version of CustomBuild plugin: 1.0.36
Installed version of CustomBuild plugin: 1.0.36

Latest version of OpenLiteSpeed: 1.6.17
Installed version of OpenLiteSpeed: 1.6.17

Latest version of Comodo ModSecurity Rule Set: 1.233
Installed version of Comodo ModSecurity Rule Set: 1.233

Latest version of ProFTPD: 1.3.7a
Installed version of ProFTPD: 1.3.7a

Latest version of libpng: 1.6.37
Installed version of libpng: 1.6.37

Latest version of nghttp2: 1.42.0
Installed version of nghttp2: 1.42.0

Latest version of libspf2: 1.2.10
Installed version of libspf2: 1.2.10

Latest version of ICU4C: 66.1
Installed version of ICU4C: 66.1

Latest version of libsodium: 1.0.18
Installed version of libsodium: 1.0.18

Latest version of libxml2: 2.9.10
Installed version of libxml2: 2.9.10

Latest version of libxslt: 1.1.34
Installed version of libxslt: 1.1.34

Latest version of zlib: 1.2.11
Installed version of zlib: 1.2.11

Latest version of pigz: 2.4
Installed version of pigz: 2.4

Latest version of PCRE: 8.44
Installed version of PCRE: 8.44

Latest version of PCRE2: 10.35
Installed version of PCRE2: 10.35

Latest version of curl: 7.75.0
Installed version of curl: 7.75.0

Latest version of FreeType: 2.10.4
Installed version of FreeType: 2.10.4

Latest version of AWstats: 7.8
Installed version of AWstats: 7.8

Latest version of awstats_process.sh: 2.9
Installed version of awstats_process.sh: 2.9

Latest version of dovecot: 2.3.14
Installed version of dovecot: 2.3.14

Latest version of dovecot.conf: 0.4
Installed version of dovecot.conf: 0.4

Latest version of Exim: 4.94
Installed version of Exim: 4.94

Latest version of lego: 4.1.2
Installed version of lego: 4.1.2

Latest version of s-nail: 14.9.19
Installed version of s-nail: 14.9.19

Latest version of exim.conf: 4.5.35
Installed version of exim.conf: 4.5.35

Latest version of BlockCracking: 1.12
Installed version of BlockCracking: 1.12

Latest version of Easy Spam Fighter: 1.32
Installed version of Easy Spam Fighter: 1.32

Latest version of Rspamd Config: 0.4
Installed version of Rspamd Config: 0.4

Latest version of zstd: 1.4.5
Installed version of zstd: 1.4.5

Latest version of ClamAV: 0.103.1
Installed version of ClamAV: 0.103.1

Latest version of PHP 7.4: 7.4.16
Installed version of PHP 7.4: 7.4.16

Latest version of RoundCube: 1.4.11
Installed version of RoundCube: 1.4.11

Latest version of phpMyAdmin: 4.9.7-all-languages
Installed version of phpMyAdmin: 4.9.7-all-languages

name=DirectAdmin
version=1.61.5
port=2222
listen_backlog=8
ssl_port=0
ssl_ignore_when_local=1
hsts=-1
ipv6=0
da_website=https://www.directadmin.com/
servername=mail.domain.tld
ns1=ns1.domain.tld
ns2=ns2.domain.tld
numservers=10
timeout=60
handshake_timeout=12
request_timeout=20
upload_idle_timeout=120
get_current_version_timeout=5
session_minutes=60
use_cookie_expires=1
session_cookie_multiplier=24
cache_time=28800
da_gzip=1
systemd=1
maxfilesize=10485760
max_read_to_memory_size=524288000
rotate_httpd_error_log_meg=0
rotate_httpd_error_log_truncate=1
rotate_httpd_error_log_notify=3
rotate_httpd_error_log_global=0
custom_httpd_syntax_check=1
logs_to_keep=5
logs_history_as_nobody=0
compress_rotated_logs=1
max_username_length=10
allow_upper_case_username=0
convert_to_punycode=0
check_group_on_user_create=1
check_home_path_on_user_create=1
notify_admins_on_all_account_creation=0
user_action_locking=30
login_history=10
login_history_include_login_as=0
disable_ip_check=1
check_referer=1
check_referer_port=1
session_requires_referer=1
allow_foreign_key=0
login_keys=1
login_keys_notify_on_creation=1
simple_disk_usage=0
realtime_quota=2
use_xfs_quota=1
xfs_on_domains=1
hard_quota_multiplier=1.1
inode=1
count_other_disk_usage=0
usersdir=./data/users
userdata=./data/users
zip=1
extract_list_max_files=5000
awstats=1
webalizer=0
custom_stats_path=
force_pipe_post=
rotation=1
stats_owned_by_user=0
ensure_root_awstats_link=1
use_syslogd=0
pid_to_logs=0
php_mail_log=1
php_mail_log_dir=
cluster=0
remote_dns_retries=0
cluster_user_sync=0
enable_threads=0
allow_ttl_override=1
default_ttl=3600
named_checkzone=1
named_rndc=0
named_rndc_addzone=0
named_checkzone_level=fail
named_service_override=
allow_dns_underscore=1
wrap_long_dns_values=1
named_rename_hostname_zone=1
dns_tlsa=0
dns_ns=2
dns_ptr=2
dns_caa=0
dns_spf=0
dns_ttl=1
extra_spf_value=
dnssec=0
user_dnssec_control=0
dnssec_mss_use_signed_zone=1
dnssec_add_subdomain_ds_to_parent=1
dnssec_add_subdomain_ds_to_remote_parent=1
dnssec_keygen_keysize=2048
dnssec_keygen_algorithm=
full_mx_records=1
mx_templates=1
dns_affect_pointers_default=1
local_mailserver_without_dnscontrol=0
dkim=0
dkim_selector=x
cloud_cache=0
dovecot=1
allow_incoming_email_on_suspend=0
dovecot_proxy=0
dovecot_proxy_override=
count_pop_usage=1
email_show_last_login=0
email_show_last_password_change=1
pop_disk_usage_cache=0
pop_disk_usage_dovecot_quota=0
pop_disk_usage_true_bytes=0
default_pop_quota=50
add_userdb_quota=1
system_user_to_virtual_passwd=0
purge_spam_days=14
show_main_spambox=1
delete_messages_days=7
delete_tickets_days=7
preserve_html_sequences=0
spam_inbox_prefix=1
clean_forwarders_on_email_delete=1
delete_vacation_on_end=0
allow_forwarder_pipe=1
forwarder_loop_check=1
default_mailing_list_max=100000
user_email_quota_max=0
reseller_can_set_email_limit=0
reseller_can_reset_email_count=0
user_can_set_email_limit=1
max_per_email_send_limit=-1
max_user_send_limit=-1
default_email_notify_limit=1000
notify_email_on_per_email_limit=1
notify_on_mass_emailing=1
notify_user_on_mass_emailing=1
notify_reseller_on_mass_emailing=1
notify_admins_on_mass_emailings=1
notify_admins_on_per_email_mass_emailings=1
block_cracking_unblock=1
block_cracking_unblock_minutes=120
parse_php_mail_log_at_limit=1
disable_php_script_at_limit_threshold=80
disable_php_script_at_limit_minimum=100
utf8_encode_subject=0
utf8_encode_from_to=0
add_domain_to_domainips=0
domainips_default_ip=
skip_hometargz_in_backups=0
skip_domains_in_backups=0
skip_imap_in_backups=0
skip_trash_in_backups=0
direct_imap_backup=1
skip_uebimiau_in_backups=0
skip_roundcube_in_backups=0
webmail_backup_is_email_data=1
skip_databases_in_backups=0
mysql=1
mysqldump_routines=1
mysql_milestone_16=0
mysql_use_new_user_methods=0
mysql_detect_correct_methods=0
mysql_remove_test_db=1
database_extended_user_privileges=1
custom_mysql_conf=0
restore_database_as_admin=1
abort_source_on_error=1
skip_ftp_on_backup_fail=0
backup_apache_files_list=1
allow_db_underscore=0
allow_email_plus=0
backup_hard_link_check=1
backup_ftp_pre_test=1
backup_ftp_md5=0
allow_backup_encryption=0
backup_tmp_path_has_pid=1
notify_on_suspicious_stats_folder=1
strict_backup_permissions=1
add_non_readable_files_to_strict_backup=1
backup_gzip=1
show_php_version=1
show_info_in_header=1
show_info_in_title=1
show_db_usage=1
show_pointers_in_list=1
enforce_difficult_passwords=0
special_characters_in_random_passwords=0
ambiguous_characters_in_random_passwords=1
random_password_length=8
random_password_length_max=10
difficult_password_length_min=6
crypt_method=6
check_subdomain_owner=1
allow_subdomain_docroot_override=1
check_subdomain_owner_in_cluster_domainowners=0
allow_domain_special_characters=1
users_can_add_remove_domains=0
users_can_rename_domains=1
enable_ssl_sni=1
mail_sni=0
ecc_certificates=1
letsencrypt=1
letsencrypt_renewal_days=60
letsencrypt_foreground_http_max=10
letsencrypt_renewal_failure_notice_after_attempt=5
admin_ssl_replace_all_expired_invalid=0
admin_ssl_check_retries=1
admin_ssl_install_to_missing=0
letsencrypt_disable_renew_after_renew_failure=0
letsencrypt_max_requests_per_week=100
letsencrypt_multidomain_cert=3
certificate_common_name_with_www=0
letsencrypt_renewal_success_notice=0
letsencrypt_renewal_notice_to_admins=1
letsencrypt_renewal_error_to_users=1
renew_letsencrypt_on_suspended_domain=0
letsencrypt_account_email=0
letsencrypt_list=www:mail:ftp:pop:smtp
letsencrypt_list_selected=www
admin_ssl_poll_frequency=5m:15m:30m:1h:12h:1d
show_all_users_cache_extra_vars=date_created
commands_force_deny=CMD_LOGIN_KEYS:CMD_API_LOGIN_KEYS
never_commands=
use_uid_counting=1
process_list_debug=0
backup_debug=0
lock_debug=0
debug_only_cmd=0
debug_user_locking=0
logdir=/var/log/directadmin
errorlog=/var/log/directadmin/error.log
systemlog=/var/log/directadmin/system.log
securitylog=/var/log/directadmin/security.log
pipe_log=/dev/null
loginlog=/var/log/directadmin/login.log
usermod=/usr/sbin/usermod
useradd=/usr/sbin/useradd
userdel=/usr/sbin/userdel
groupadd=/usr/sbin/groupadd
groupdel=/usr/sbin/groupdel
passwd=/usr/bin/passwd
htpasswd=/usr/bin/htpasswd
openssl=/usr/bin/openssl
chpass=/usr/bin/chpass
chpasswd=/usr/sbin/chpasswd
edquota=/usr/sbin/edquota
setquota=/usr/sbin/setquota
xfs_quota=/usr/sbin/xfs_quota
repquota=/usr/sbin/repquota
quota=/usr/bin/quota
curl=/usr/local/bin/curl
pw=/usr/sbin/pw
admindir=./data/admin
serverpath=/usr/local/directadmin
ticketsdir=/usr/local/directadmin/data/tickets
license=/usr/local/directadmin/conf/license.key
templates=/usr/local/directadmin/data/templates
sessions_dir=/usr/local/directadmin/data/sessions
block_token_chars=$[]<>:#
global_httpd_tokens=/usr/local/directadmin/data/admin/global_httpd_tokens.conf
password_placeholder=XXXXXXXXXX
docsroot=./data/skins/evolution
demodocsroot=./data/skins/evolution
skinsdir=./data/skins
favicon_ico=favicon.ico
internal_lang=/usr/local/directadmin/data/skins/enhanced/lang
language=es
ssl=1
cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem
ssl_cipher=HIGH:!aNULL:!MD5
carootcert=/usr/local/directadmin/conf/carootcert.pem
taskqueue=/usr/local/directadmin/data/task.queue
taskqueueda=/usr/local/directadmin/data/task.queue.da
mailtaskqueue=/etc/virtual/mail_task.queue
taskqueuecb=/usr/local/directadmin/data/task.queue.cb
quota_partition=/
ext_quota_partitions=
mail_partition=
create_user_home_override=
home_override_list=
extra_backup_option=
extra_unzip_option=
allow_backup_exclude_path=1
allow_backup_exit_code_one=1
ethernet_dev=eth0
lan_ip=
cluster_ip_bind=
proxy_ip=
bind_address=
os_override=
ssl_redirect_host=mail.domain.tld
force_hostname=
access_control_allow_origin=
referrer_policy=off
x_frame_options=sameorigin
x_forwarded_from_ip=
apache_ver=1.3
http2=1
port_80=80
port_443=443
port_8080=8080
port_8081=8081
apachelogdir=/var/log/httpd/domains
apacheconf=/etc/httpd/conf/httpd.conf
apache_pid=/var/run/httpd.pid
apachemimetypes=/etc/mime.types
apacheips=/etc/httpd/conf/ips.conf
apachecert=/usr/local/lsws/ssl.crt/server.crt
apachekey=/usr/local/lsws/ssl.key/server.key
apacheca=/usr/local/lsws/ssl.crt/server.ca
secure_access_group=access
secure_disposal=/home/.disposal
apache_public_html=0
graceful_restarts=1
pointers_own_virtualhost=0
php_fpm_restarts=0
php_home_tmp_session_save_path=1
php_fpm_max_children_default=100
safemode=OFF
open_basedir=ON
openlitespeed_listeners=/usr/local/lsws/conf/listeners.conf
openlitespeed_ips_conf=/usr/local/lsws/conf/ips.conf
openlitespeed_vhosts_conf=/usr/local/lsws/conf/directadmin-vhosts.conf
openlitespeed_cert=/usr/local/lsws/ssl.crt/server.crt
openlitespeed_key=/usr/local/lsws/ssl.key/server.key
openlitespeed_ca=/usr/local/lsws/ssl.crt/server.ca
nginx=0
nginx_proxy=0
nginx_proxy_buffering=0
nginx_fpm_always_set=0
nginxconf=/etc/nginx/directadmin-vhosts.conf
nginxlogdir=/var/log/nginx/domains
nginxips=/etc/nginx/directadmin-ips.conf
nginx_pid=/var/run/nginx.pid
nginx_cert=/etc/nginx/ssl.crt/server.crt
nginx_key=/etc/nginx/ssl.key/server.key
nginx_ca=/etc/nginx/ssl.crt/server.ca
modsec_audit_dir=/var/log/modsec_audit
litespeed=0
openlitespeed=1
user_can_reload_openlitespeed=1
fm_owners=|USER|:|GROUP|
fm_file_permissions=644
fm_dir_permissons=755
owsadm=/usr/local/frontpage/version5.0/bin/owsadm.exe
sshdconfig=/etc/ssh/sshd.bogon
ftpconfig=/etc/proftpd.conf
ftpvhosts=/etc/proftpd.vhosts.conf
ftppasswd=/etc/proftpd.passwd
ftpsep=@
namedconfig=/etc/named.conf
nameddir=/var/named
ip_blacklist=/usr/local/directadmin/data/admin/ip_blacklist
ip_whitelist=/usr/local/directadmin/data/admin/ip_whitelist
bruteforce=1
brutecount=5
brute_dos_count=20
exempt_local_block=0
brute_force_time_limit=60
clear_blacklist_ip_time=0
brute_force_log_scanner=1
hide_brute_force_notifications=1
brute_force_notifications_email_only=0
brute_force_ignore_attempts_on_suspended=1
brute_force_scan_apache_logs=2
brute_force_apache_log_list_update_interval=10
brute_force_scan_mod_security_logs=0
ip_brutecount=10
user_brutecount=10
clear_brute_log_time=1
clear_brute_log_entry_time=1
unblock_brute_ip_time=15
include_directadmin_port_in_brute_firewall=0
brute_force_mail_log=/var/log/maillog
brute_force_exim_log=/var/log/exim/mainlog
brute_force_exim_reject_log=/var/log/exim/rejectlog
brute_force_exim_panic_log=/var/log/exim/paniclog
block_cracking_variables_conf=/etc/exim.blockcracking/variables.conf
exim_paniclog=0
brute_force_mysql_log=/var/lib/mysql/mail.domain.tld.err
brute_force_roundcube_log=/var/www/html/roundcube/logs/errors.log
brute_force_squirrelmail_log=/var/www/html/squirrelmail/data/squirrelmail_access_log
brute_force_pma_log=/var/www/html/phpMyAdmin/log/auth.log
brute_force_secure_log=/var/log/secure
brute_force_messages_log=/var/log/messages
brute_force_pureftpd_log=/var/log/pureftpd.log
ftp_list_run_as=nobody
backup_nice=19
pigz=2
ionice_string=
pigz_bin=/usr/local/bin/pigz
unpigz_bin=/usr/local/bin/unpigz
zstd=1
zstd_bin=/usr/local/bin/zstdmt
reseller_backup_bandwidth=1
quota_update_interval=10
hide_outlook=0
user_email_smtp_logs=1
filemanager_du=1
filemanager_show_directory_count=1
filemanager_disable_features=0
fm_hour_offset=0.000000
fm_purge_trash_days=30
fm_allow_binary_edit=0
fm_to_trash_default=1
hide_ip_user_numbers=1
user_can_select_skin=0
skin_domain_redirect=1
allow_admin_login_as_to_reseller_skin=1
reseller_use_admin_config_json=1
reseller_can_customize_config_json=1
pureftp=0
jail=0
pure_pw=/usr/bin/pure-pw
ftppasswd_db=/etc/pureftpd.pdb
pureftp_log=/var/log/pureftpd.log
dig=/usr/bin/dig
zip_bin=
unzip_bin=
check_load=10
check_load_minute=5
load_notice_interval=10
load_top_string=/usr/bin/top -c -b -n 1
load_iotop_string=/usr/sbin/iotop -b -n 1
check_partitions=2
partition_usage_threshold=95
disk_usage_suspend=0
reseller_allocation_include_self=0
send_usage_message=1
check_task_queue=2048
track_task_queue_processes=1
addip=/usr/local/directadmin/scripts/addip
removeip=/usr/local/directadmin/scripts/removeip
emailvirtual=/etc/virtual
emailspoolvirtual=/var/spool/virtual
count_email_usage=0
maildir_with_new=1
hide_webmail_links=0
one_click_webmail_login=0
one_click_pma_login=0
webapps_ssl=1
force_ssl=0
webmail_link=roundcube
spam_inbox_prefix_name=INBOX.spam
user_helper=www.site-helper.com
reseller_helper=reseller.site-helper.com
admin_helper=admin.site-helper.com
mysqlconf=/usr/local/directadmin/conf/mysql.conf
damycnf=/usr/local/directadmin/conf/my.cnf
extra_mysqldump_options=
default_mysqldump_options=--single-transaction
extra_mysql_restore_options=
msg_sys=Mensaje del sistema
sysbk_conf=/usr/local/sysbk/conf.sysbk
mq_exim_bin=/usr/sbin/exim
mq_exim_max_load_size=2000
incremental_ftp=1
unified_ftp_password_file=1
multi_ip_enabled=1
php_version_selector=1
cpu_in_system_info=2
ram_in_system_info=1
cb_version_check_odds_percent=10
allow_user_exec=0
hook_custom_vars=0
plugins_allowed_run_as=1
check_plugin_update_interval=1440
plugin_max_hooks=16
allow_numeric_username=0
tokenizer_debug=0
tokenizer_clear_env=1
tokenize_script_output=0
show_custom_script_path=1
remove_clipboard_on_logout=1
direct_crons=1
set_php_bin_path_in_crons=0
set_php_bin_path_in_shell=0
set_php_ini_scan_dir_in_crons=0
lost_password=0
email_ftp_password_change=1
set_crypt_for_anonymous_ftp=0
security_questions=1
max_security_question_attempts=5
block_ip_after_failed_security_questions=0
twostep_auth=1
block_ip_after_failed_twostep_auth=0
max_twostep_auth_attempts=5
twostep_auth_discrepancy=1
twostep_auth_trust_days=30
htm_all_scripts=0
always_load_all_script_env_vars=0
reserved_env_vars=PATH:SHELL:_:LD_LIBRARY_PATH:LD_PRELOAD:LD_DEBUG:LD_DEBUG_OUTPUT:LD_DYNAMIC_WEAK:LD_SHOW_AUXV:GETCONF_DIR:NLSPATH:NIS_PATH:IFS:LD_AUDIT:LD_AOUT_LIBRARY_PATH:LD_AOUT_PRELOAD:LD_ORIGIN_PATH:LD_PROFILE:GCONV_PATH:HOSTALIASES:LOCPATH:MALLOC_TRACE:RESOLV_HOST_CONF:RES_OPTIONS:TMPDIR:TZDIR:LD_USE_LOAD_BIAS:MALLOC_CHECK_:ORIGIN:LC_ALL
allowed_hook_upper_case_env_vars=
old_public_html_link=1
default_private_html_link=1
frontpage_on=1
table_highlighting=1
table_default_ipp=50
table_case_sensitive_search=1
ajax=1
ajax_list_max=20
master_login_max_list=500
ajax_cache_max_time=1800
ajax_search_max_time=2.000000
reseller_warning_thresh=75
user_warning_thresh=80
user_warning_thresh_disk=95
user_warning_thresh_inode=95
notify_user_at_full_quota=1
tally_after_restore=1
restart_apache_after_tally=1
reload_apache_after_rotation=1
add_apache_comments=1
background_delete_size=10240
tmpdir=/home/tmp
backup_tmpdir=/home/tmp

For the tests:
The staging LE server was used (to avoid the rate limit), but with the production server the result is the same.
For this topic:
The server IP was replaced with 1.2.3.4
The domain name was replaced with domain.tld


The test with the OLD version of letsencrypt.sh

++ /usr/bin/id -u
+ MYUID=0
+ '[' 0 '!=' 0 ']'
+ LEGO=/usr/local/bin/lego
+ DNS_SERVER=8.8.8.8
+ DNS6_SERVER=2001:4860:4860::8888
+ NEW_IP=1.1.1.1
+ NEW6_IP=2606:4700:4700::1111
+ DA_IPV6=false
+ TASK_QUEUE=/usr/local/directadmin/data/task.queue.cb
+ LEGO_DATA_PATH=/usr/local/directadmin/data/admin/.lego
+ '[' 2 -lt 2 ']'
+ '[' 2 -lt 3 ']'
+ KEY_SIZE=ec384
+ ECC_USED=true
+ ECC=secp384r1
+ KEY_SIZE=
+ '[' '' = secp384r1 ']'
+ '[' '' = prime256v1 ']'
+ '[' '' = 4096 ']'
+ '[' '' = 2048 ']'
+ '[' '' = 8192 ']'
+ ECC=secp384r1
+ KEY_SIZE=ec384
+ ECC_USED=true
+ DA_BIN=/usr/local/directadmin/directadmin
+ '[' '!' -s /usr/local/directadmin/directadmin ']'
+ '[' request_single = present ']'
+ '[' request_single = cleanup ']'
+ /usr/local/directadmin/directadmin c
+ grep -m1 -q '^ipv6=1$'
+ CURL=/usr/local/bin/curl
+ '[' '!' -x /usr/local/bin/curl ']'
+ DIG=/usr/bin/dig
+ '[' '!' -x /usr/bin/dig ']'
+ '[' yes = yes ']'
+ API_URI=acme-staging-v02.api.letsencrypt.org
+ API=https://acme-staging-v02.api.letsencrypt.org
+ ACCOUNT_URL=
+ CHALLENGETYPE=http
+ LICENSE_KEY_MIN_DATE=1470383674
+ DIG_SECONDS=15
+ GENERAL_TIMEOUT=40
+ CURL_OPTIONS='--connect-timeout 40 -k --silent'
++ uname
+ OS=Linux
+ OPENSSL=/usr/bin/openssl
++ date +%s
+ TIMESTAMP=1618937608
++ /usr/local/directadmin/directadmin c
++ grep '^letsencrypt='
++ cut -d= -f2
+ LETSENCRYPT_OPTION=1
++ /usr/local/directadmin/directadmin c
++ grep '^secure_access_group='
++ cut -d= -f2
+ ACCESS_GROUP_OPTION=access
+ FILE_CHOWN=diradmin:mail
+ FILE_CHMOD=640
+ '[' access '!=' '' ']'
+ FILE_CHOWN=diradmin:access
+ '[' '!' -x /usr/local/bin/lego ']'
+ DOCUMENT_ROOT=
+ WELLKNOWN_PATH=/var/www/html/.well-known/acme-challenge
+ '[' '!' -z '' ']'
+ APPEND_SERVER='-s https://acme-staging-v02.api.letsencrypt.org/directory'
+ '[' -d /root/.lego/accounts/acme-staging-v02.api.letsencrypt.org ']'
++ grep -m1 '^email=' /usr/local/directadmin/data/users/admin/user.conf
++ cut -d= -f2
+ EMAIL=[email protected]
+ '[' -z [email protected] ']'
+ DOMAIN=mail.domain.tld
+ echo mail.domain.tld
+ grep -m1 -q ,
+ DOMAINS=mail.domain.tld
+ DOMAIN_FLAG='-d mail.domain.tld'
+ FIRST_DOMAIN=mail.domain.tld
+ CHALLENGETYPE=http
+ echo '-d mail.domain.tld'
+ grep -m1 -q '*\.'
++ echo mail.domain.tld
++ perl -p0 -e 's/,/ /g'
++ perl -p0 -e 's/^\*.//g'
+ for domain_name in '`echo ${DOMAIN} | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g"`'
+ caa_check mail.domain.tld
+ CAA_OK=true
++ /usr/bin/dig @8.8.8.8 AAAA mail.domain.tld +short
++ grep -v '\.$'
++ tail -n1
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
++ echo mail.domain.tld
++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ true
+ '[' http = http ']'
+ challenge_check mail.domain.tld
+ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'
+ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
+ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
+ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
+ CURL_RESOLV_OPTIONS=
++ /usr/bin/dig @8.8.8.8 AAAA mail.domain.tld +short
++ grep -v '\.$'
++ tail -n1
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
+ echo ''
+ grep -m1 -q :
+ IP_TO_RESOLV=
+ '[' -z '' ']'
++ /usr/bin/dig @8.8.8.8 mail.domain.tld +short
++ tail -n1
+ IP_TO_RESOLV=1.2.3.4
++ /usr/bin/dig mail.domain.tld +short
++ tail -n1
+ CURRENT_RESOLV=1.2.3.4
+ '[' -z 1.2.3.4 ']'
+ '[' -x /sbin/ping6 ']'
+ false
+ ping6 -q -c 1 -W 1 mail.domain.tld
++ /usr/bin/dig @8.8.8.8 mail.domain.tld +short
++ tail -n1
+ IP_TO_RESOLV=1.2.3.4
++ /usr/bin/dig mail.domain.tld +short
++ tail -n1
+ CURRENT_RESOLV=1.2.3.4
+ '[' '!' -z 1.2.3.4 ']'
+ /usr/local/bin/curl --help
+ grep -m1 -q resolve
+ /usr/local/bin/curl --connect-timeout 40 -k --silent -I -L -X GET http://mail.domain.tld/.well-known/acme-challenge/letsencrypt_1618937608
+ grep -m1 -q 'HTTP.*200'
+ '[' '' = silent ']'
+ rm -f /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
+ '[' request_single = request_single ']'
+ '[' '' = yes ']'
+ CSR_CF_FILE=
+ DOCUMENT_ROOT=
+ IS_FULL=false
+ '[' request_single = request_full ']'
+ FOUNDDOMAIN=0
+ for TDOMAIN in '${DOMAINS}'
+ DOMAIN=mail.domain.tld
++ echo mail.domain.tld
++ perl -p0 -e 's#\.#\\.#g'
+ DOMAIN_ESCAPED='mail\.puyehuechile\.cl'
+ grep -m1 -q '^mail\.puyehuechile\.cl:' /etc/virtual/domainowners
+ USER=root
++ /usr/local/directadmin/directadmin c
++ grep -m1 '^servername=mail\.puyehuechile\.cl$'
+ DA_SERVER_NAME=servername=mail.domain.tld
+ '[' '!' -z servername=mail.domain.tld ']'
+ echo 'Setting up certificate for a hostname: mail.domain.tld'
Setting up certificate for a hostname: mail.domain.tld
+ HOSTNAME=1
+ FOUNDDOMAIN=1
+ grep -m1 -q '^mail\.puyehuechile\.cl$' /etc/virtual/domains
+ break
+ '[' 1 -eq 0 ']'
+ '[' '' '!=' '' ']'
+ DA_USERDIR=/usr/local/directadmin/data/users/root
+ DA_CONFDIR=/usr/local/directadmin/conf
+ HOSTNAME_DIR=/var/www/html
+ '[' '!' -d /usr/local/directadmin/data/users/root ']'
+ '[' 1 -eq 0 ']'
+ '[' '!' -d /usr/local/directadmin/conf ']'
+ '[' 1 -eq 0 ']'
++ /usr/local/directadmin/directadmin c
++ grep '^cakey='
++ cut -d= -f2
+ KEY=/usr/local/directadmin/conf/cakey.pem
++ /usr/local/directadmin/directadmin c
++ grep '^cacert='
++ cut -d= -f2
+ CERT=/usr/local/directadmin/conf/cacert.pem
++ /usr/local/directadmin/directadmin c
++ grep '^carootcert='
++ cut -d= -f2
+ CACERT=/usr/local/directadmin/conf/carootcert.pem
+ '[' /usr/local/directadmin/conf/carootcert.pem = '' ']'
+ CSR=/usr/local/directadmin/conf/ca.csr
+ SAN_CONFIG=/usr/local/directadmin/conf/ca.san_config
+ DOMAIN_DIR=/var/www/html
+ WELLKNOWN_PATH=/var/www/html/.well-known/acme-challenge
+ '[' -s /usr/local/directadmin/conf/ca.san_config ']'
+ grep -m1 -q '^subjectAltName=' /usr/local/directadmin/conf/ca.san_config
++ cat /usr/local/directadmin/conf/ca.san_config
++ grep '^subjectAltName='
++ cut -d= -f2
++ perl -p0 -e 's|DNS:||g'
++ tr -d ,
+ DOMAINS='mail.domain.tld www.mail.domain.tld mail.mail.domain.tld ftp.mail.domain.tld pop.mail.domain.tld smtp.mail.domain.tld'
+ FIRST_DOMAIN=mail.domain.tld
+ '[' '' '!=' '' ']'
+ '[' '!' -e /var/www/html ']'
+ echo mail.domain.tld www.mail.domain.tld mail.mail.domain.tld ftp.mail.domain.tld pop.mail.domain.tld smtp.mail.domain.tld
+ grep -m1 -q '*\.'
+ CN_DOMAIN=mail.domain.tld
+ echo 'mail.domain.tld www.mail.domain.tld mail.mail.domain.tld ftp.mail.domain.tld pop.mail.domain.tld smtp.mail.domain.tld'
+ grep -m1 -q mail.domain.tld
+ '[' mail.domain.tld = '' ']'
+ '[' '!' -s /usr/local/directadmin/conf/ca.san_config ']'
+ SAN=
++ echo mail.domain.tld www.mail.domain.tld mail.mail.domain.tld ftp.mail.domain.tld pop.mail.domain.tld smtp.mail.domain.tld
+ for i in '`echo ${DOMAINS}`'
+ SAN='DNS:mail.domain.tld, '
+ for i in '`echo ${DOMAINS}`'
+ SAN='DNS:mail.domain.tld, DNS:www.mail.domain.tld, '
+ for i in '`echo ${DOMAINS}`'
+ SAN='DNS:mail.domain.tld, DNS:www.mail.domain.tld, DNS:mail.mail.domain.tld, '
+ for i in '`echo ${DOMAINS}`'
+ SAN='DNS:mail.domain.tld, DNS:www.mail.domain.tld, DNS:mail.mail.domain.tld, DNS:ftp.mail.domain.tld, '
+ for i in '`echo ${DOMAINS}`'
+ SAN='DNS:mail.domain.tld, DNS:www.mail.domain.tld, DNS:mail.mail.domain.tld, DNS:ftp.mail.domain.tld, DNS:pop.mail.domain.tld, '
+ for i in '`echo ${DOMAINS}`'
+ SAN='DNS:mail.domain.tld, DNS:www.mail.domain.tld, DNS:mail.mail.domain.tld, DNS:ftp.mail.domain.tld, DNS:pop.mail.domain.tld, DNS:smtp.mail.domain.tld, '
++ echo 'DNS:mail.domain.tld, DNS:www.mail.domain.tld, DNS:mail.mail.domain.tld, DNS:ftp.mail.domain.tld, DNS:pop.mail.domain.tld, DNS:smtp.mail.domain.tld, '
++ perl -p0 -e 's|, $||g'
+ SAN='DNS:mail.domain.tld, DNS:www.mail.domain.tld, DNS:mail.mail.domain.tld, DNS:ftp.mail.domain.tld, DNS:pop.mail.domain.tld, DNS:smtp.mail.domain.tld'
+ echo '[ req_distinguished_name ]'
+ echo 'CN = mail.domain.tld'
+ echo '[ req ]'
+ echo 'distinguished_name = req_distinguished_name'
+ echo '[SAN]'
+ echo 'subjectAltName=DNS:mail.domain.tld, DNS:www.mail.domain.tld, DNS:mail.mail.domain.tld, DNS:ftp.mail.domain.tld, DNS:pop.mail.domain.tld, DNS:smtp.mail.domain.tld'
++ echo 'mail.domain.tld www.mail.domain.tld mail.mail.domain.tld ftp.mail.domain.tld pop.mail.domain.tld smtp.mail.domain.tld'
++ uniq
++ tr ' ' '\n'
++ perl -p0 -e 's|\*\.||g'
++ sort
+ for single_domain in '`echo "${DOMAINS}" | tr '\'' '\'' '\''\n'\'' | perl -p0 -e '\''s|\*\.||g'\'' | sort | uniq`'
+ caa_check ftp.mail.domain.tld
+ CAA_OK=true
++ /usr/bin/dig @8.8.8.8 AAAA ftp.mail.domain.tld +short
++ tail -n1
++ grep -v '\.$'
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
++ echo ftp.mail.domain.tld
++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA ftp.mail.domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA ftp.mail.domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ true
+ '[' http = http ']'
++ challenge_check ftp.mail.domain.tld silent
++ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'
++ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ CURL_RESOLV_OPTIONS=
+++ /usr/bin/dig @8.8.8.8 AAAA ftp.mail.domain.tld +short
+++ grep -v '\.$'
+++ tail -n1
++ IP_TO_RESOLV=
++ '[' 0 -eq 9 ']'
++ echo ''
++ grep -m1 -q :
++ IP_TO_RESOLV=
++ '[' -z '' ']'
+++ /usr/bin/dig @8.8.8.8 ftp.mail.domain.tld +short
+++ tail -n1
++ IP_TO_RESOLV=1.2.3.4
+++ /usr/bin/dig ftp.mail.domain.tld +short
+++ tail -n1
++ CURRENT_RESOLV=1.2.3.4
++ '[' -z 1.2.3.4 ']'
++ '[' -x /sbin/ping6 ']'
++ false
++ ping6 -q -c 1 -W 1 ftp.mail.domain.tld
+++ /usr/bin/dig @8.8.8.8 ftp.mail.domain.tld +short
+++ tail -n1
++ IP_TO_RESOLV=1.2.3.4
+++ /usr/bin/dig ftp.mail.domain.tld +short
+++ tail -n1
++ CURRENT_RESOLV=1.2.3.4
++ '[' '!' -z 1.2.3.4 ']'
++ /usr/local/bin/curl --help
++ grep -m1 -q resolve
++ /usr/local/bin/curl --connect-timeout 40 -k --silent -I -L -X GET http://ftp.mail.domain.tld/.well-known/acme-challenge/letsencrypt_1618937608
++ grep -m1 -q 'HTTP.*200'
++ '[' silent = silent ']'
++ echo 0
++ return
+ CHALLENGE_TEST=0
+ '[' 0 -eq 1 ']'
+ for single_domain in '`echo "${DOMAINS}" | tr '\'' '\'' '\''\n'\'' | perl -p0 -e '\''s|\*\.||g'\'' | sort | uniq`'
+ caa_check mail.mail.domain.tld
+ CAA_OK=true
++ /usr/bin/dig @8.8.8.8 AAAA mail.mail.domain.tld +short
++ grep -v '\.$'
++ tail -n1
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
++ echo mail.mail.domain.tld
++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA domain.tld @8.8.8.8 +short
+ /usr/bin/dig CAA domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA mail.mail.domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA mail.mail.domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ true
+ '[' http = http ']'
++ challenge_check mail.mail.domain.tld silent
++ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'
++ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ CURL_RESOLV_OPTIONS=
+++ /usr/bin/dig @8.8.8.8 AAAA mail.mail.domain.tld +short
+++ grep -v '\.$'
+++ tail -n1
++ IP_TO_RESOLV=
++ '[' 0 -eq 9 ']'
++ grep -m1 -q :
++ echo ''
++ IP_TO_RESOLV=
++ '[' -z '' ']'
+++ tail -n1
+++ /usr/bin/dig @8.8.8.8 mail.mail.domain.tld +short
++ IP_TO_RESOLV=1.2.3.4
+++ tail -n1
+++ /usr/bin/dig mail.mail.domain.tld +short
++ CURRENT_RESOLV=1.2.3.4
++ '[' -z 1.2.3.4 ']'
++ '[' -x /sbin/ping6 ']'
++ false
++ ping6 -q -c 1 -W 1 mail.mail.domain.tld
+++ /usr/bin/dig @8.8.8.8 mail.mail.domain.tld +short
+++ tail -n1
++ IP_TO_RESOLV=1.2.3.4
+++ /usr/bin/dig mail.mail.domain.tld +short
+++ tail -n1
++ CURRENT_RESOLV=1.2.3.4
++ '[' '!' -z 1.2.3.4 ']'
++ grep -m1 -q resolve
++ /usr/local/bin/curl --help
++ /usr/local/bin/curl --connect-timeout 40 -k --silent -I -L -X GET http://mail.mail.domain.tld/.well-known/acme-challenge/letsencrypt_1618937608
++ grep -m1 -q 'HTTP.*200'
++ '[' silent = silent ']'
++ echo 0
++ return
+ CHALLENGE_TEST=0
+ '[' 0 -eq 1 ']'
+ for single_domain in '`echo "${DOMAINS}" | tr '\'' '\'' '\''\n'\'' | perl -p0 -e '\''s|\*\.||g'\'' | sort | uniq`'
+ caa_check mail.domain.tld
+ CAA_OK=true
++ /usr/bin/dig @8.8.8.8 AAAA mail.domain.tld +short
++ grep -v '\.$'
++ tail -n1
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
++ echo mail.domain.tld
++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8 +short
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ true
+ '[' http = http ']'
++ challenge_check mail.domain.tld silent
++ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'
++ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ CURL_RESOLV_OPTIONS=
+++ /usr/bin/dig @8.8.8.8 AAAA mail.domain.tld +short
+++ grep -v '\.$'
+++ tail -n1
++ IP_TO_RESOLV=
++ '[' 0 -eq 9 ']'
++ grep -m1 -q :
++ echo ''
++ IP_TO_RESOLV=
++ '[' -z '' ']'
+++ /usr/bin/dig @8.8.8.8 mail.domain.tld +short
+++ tail -n1
++ IP_TO_RESOLV=1.2.3.4
+++ /usr/bin/dig mail.domain.tld +short
+++ tail -n1
++ CURRENT_RESOLV=1.2.3.4
++ '[' -z 1.2.3.4 ']'
++ '[' -x /sbin/ping6 ']'
++ false
++ ping6 -q -c 1 -W 1 mail.domain.tld
+++ /usr/bin/dig @8.8.8.8 mail.domain.tld +short
+++ tail -n1
++ IP_TO_RESOLV=1.2.3.4
+++ /usr/bin/dig mail.domain.tld +short
+++ tail -n1
++ CURRENT_RESOLV=1.2.3.4
++ '[' '!' -z 1.2.3.4 ']'
++ /usr/local/bin/curl --help
++ grep -m1 -q resolve
++ /usr/local/bin/curl --connect-timeout 40 -k --silent -I -L -X GET http://mail.domain.tld/.well-known/acme-challenge/letsencrypt_1618937608
++ grep -m1 -q 'HTTP.*200'
++ '[' silent = silent ']'
++ echo 0
++ return
+ CHALLENGE_TEST=0
+ '[' 0 -eq 1 ']'
+ for single_domain in '`echo "${DOMAINS}" | tr '\'' '\'' '\''\n'\'' | perl -p0 -e '\''s|\*\.||g'\'' | sort | uniq`'
+ caa_check pop.mail.domain.tld
+ CAA_OK=true
++ /usr/bin/dig @8.8.8.8 AAAA pop.mail.domain.tld +short
++ grep -v '\.$'
++ tail -n1
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
++ echo pop.mail.domain.tld
++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA pop.mail.domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA pop.mail.domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ true
+ '[' http = http ']'
++ challenge_check pop.mail.domain.tld silent
++ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'
++ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ CURL_RESOLV_OPTIONS=
+++ /usr/bin/dig @8.8.8.8 AAAA pop.mail.domain.tld +short
+++ grep -v '\.$'
+++ tail -n1
++ IP_TO_RESOLV=
++ '[' 0 -eq 9 ']'
++ echo ''
++ grep -m1 -q :
++ IP_TO_RESOLV=
++ '[' -z '' ']'
+++ /usr/bin/dig @8.8.8.8 pop.mail.domain.tld +short
+++ tail -n1
++ IP_TO_RESOLV=1.2.3.4
+++ /usr/bin/dig pop.mail.domain.tld +short
+++ tail -n1
++ CURRENT_RESOLV=1.2.3.4
++ '[' -z 1.2.3.4 ']'
++ '[' -x /sbin/ping6 ']'
++ false
++ ping6 -q -c 1 -W 1 pop.mail.domain.tld
+++ /usr/bin/dig @8.8.8.8 pop.mail.domain.tld +short
+++ tail -n1
++ IP_TO_RESOLV=1.2.3.4
+++ /usr/bin/dig pop.mail.domain.tld +short
+++ tail -n1
++ CURRENT_RESOLV=1.2.3.4
++ '[' '!' -z 1.2.3.4 ']'
++ /usr/local/bin/curl --help
++ grep -m1 -q resolve
++ /usr/local/bin/curl --connect-timeout 40 -k --silent -I -L -X GET http://pop.mail.domain.tld/.well-known/acme-challenge/letsencrypt_1618937608
++ grep -m1 -q 'HTTP.*200'
++ '[' silent = silent ']'
++ echo 0
++ return
+ CHALLENGE_TEST=0
+ '[' 0 -eq 1 ']'
+ for single_domain in '`echo "${DOMAINS}" | tr '\'' '\'' '\''\n'\'' | perl -p0 -e '\''s|\*\.||g'\'' | sort | uniq`'
+ caa_check smtp.mail.domain.tld
+ CAA_OK=true
++ /usr/bin/dig @8.8.8.8 AAAA smtp.mail.domain.tld +short
++ tail -n1
++ grep -v '\.$'
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
++ echo smtp.mail.domain.tld
++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA smtp.mail.domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA smtp.mail.domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ true
+ '[' http = http ']'
++ challenge_check smtp.mail.domain.tld silent
++ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'
++ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ CURL_RESOLV_OPTIONS=
+++ /usr/bin/dig @8.8.8.8 AAAA smtp.mail.domain.tld +short
+++ grep -v '\.$'
+++ tail -n1
++ IP_TO_RESOLV=
++ '[' 0 -eq 9 ']'
++ echo ''
++ grep -m1 -q :
++ IP_TO_RESOLV=
++ '[' -z '' ']'
+++ /usr/bin/dig @8.8.8.8 smtp.mail.domain.tld +short
+++ tail -n1
++ IP_TO_RESOLV=1.2.3.4
+++ /usr/bin/dig smtp.mail.domain.tld +short
+++ tail -n1
++ CURRENT_RESOLV=1.2.3.4
++ '[' -z 1.2.3.4 ']'
++ '[' -x /sbin/ping6 ']'
++ false
++ ping6 -q -c 1 -W 1 smtp.mail.domain.tld
+++ tail -n1
+++ /usr/bin/dig @8.8.8.8 smtp.mail.domain.tld +short
++ IP_TO_RESOLV=1.2.3.4
+++ /usr/bin/dig smtp.mail.domain.tld +short
+++ tail -n1
++ CURRENT_RESOLV=1.2.3.4
++ '[' '!' -z 1.2.3.4 ']'
++ /usr/local/bin/curl --help
++ grep -m1 -q resolve
++ /usr/local/bin/curl --connect-timeout 40 -k --silent -I -L -X GET http://smtp.mail.domain.tld/.well-known/acme-challenge/letsencrypt_1618937608
++ grep -m1 -q 'HTTP.*200'
++ '[' silent = silent ']'
++ echo 0
++ return
+ CHALLENGE_TEST=0
+ '[' 0 -eq 1 ']'
+ for single_domain in '`echo "${DOMAINS}" | tr '\'' '\'' '\''\n'\'' | perl -p0 -e '\''s|\*\.||g'\'' | sort | uniq`'
+ caa_check www.mail.domain.tld
+ CAA_OK=true
++ /usr/bin/dig @8.8.8.8 AAAA www.mail.domain.tld +short
++ grep -v '\.$'
++ tail -n1
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
++ echo www.mail.domain.tld
++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA www.mail.domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA www.mail.domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ true
+ '[' http = http ']'
++ challenge_check www.mail.domain.tld silent
++ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'
++ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1618937608
++ CURL_RESOLV_OPTIONS=
+++ /usr/bin/dig @8.8.8.8 AAAA www.mail.domain.tld +short
+++ grep -v '\.$'
+++ tail -n1
++ IP_TO_RESOLV=
++ '[' 0 -eq 9 ']'
++ echo ''
++ grep -m1 -q :
++ IP_TO_RESOLV=
++ '[' -z '' ']'
+++ /usr/bin/dig @8.8.8.8 www.mail.domain.tld +short
+++ tail -n1
++ IP_TO_RESOLV=1.2.3.4
+++ /usr/bin/dig www.mail.domain.tld +short
+++ tail -n1
++ CURRENT_RESOLV=1.2.3.4
++ '[' -z 1.2.3.4 ']'
++ '[' -x /sbin/ping6 ']'
++ false
++ ping6 -q -c 1 -W 1 www.mail.domain.tld
+++ /usr/bin/dig @8.8.8.8 www.mail.domain.tld +short
+++ tail -n1
++ IP_TO_RESOLV=1.2.3.4
+++ /usr/bin/dig www.mail.domain.tld +short
+++ tail -n1
++ CURRENT_RESOLV=1.2.3.4
++ '[' '!' -z 1.2.3.4 ']'
++ /usr/local/bin/curl --help
++ grep -m1 -q resolve
++ /usr/local/bin/curl --connect-timeout 40 -k --silent -I -L -X GET http://www.mail.domain.tld/.well-known/acme-challenge/letsencrypt_1618937608
++ grep -m1 -q 'HTTP.*200'
++ '[' silent = silent ']'
++ echo 0
++ return
+ CHALLENGE_TEST=0
+ '[' 0 -eq 1 ']'
+ grep -m1 -q '^CN[^A-Za-z0-9]*=' /usr/local/directadmin/conf/ca.san_config
+ chown diradmin:diradmin /usr/local/directadmin/conf/ca.san_config
+ chmod 600 /usr/local/directadmin/conf/ca.san_config
+ true
+ echo 'Generating ec384 bit ECDSA key for mail.domain.tld...'
Generating ec384 bit ECDSA key for mail.domain.tld...
+ echo 'openssl ecparam -name secp384r1 -genkey > "/usr/local/directadmin/conf/cakey.pem.new"'
openssl ecparam -name secp384r1 -genkey > "/usr/local/directadmin/conf/cakey.pem.new"
+ /usr/bin/openssl ecparam -name secp384r1 -genkey
+ '[' 0 -ne 0 ']'
+ /usr/bin/openssl req -new -sha256 -key /usr/local/directadmin/conf/cakey.pem.new -subj /CN=mail.domain.tld -reqexts SAN -config /usr/local/directadmin/conf/ca.san_config -out /usr/local/directadmin/conf/ca.csr
+ /usr/local/bin/lego --path /usr/local/directadmin/data/admin/.lego --dns.resolvers 8.8.8.8 --accept-tos -s https://acme-staging-v02.api.letsencrypt.org/directory -m [email protected] --http --http.webroot /var/www/html --csr=/usr/local/directadmin/conf/ca.csr --key-type ec384 run --no-bundle
2021/04/20 12:53:31 No key found for account [email protected]. Generating a P384 key.
2021/04/20 12:53:31 Saved key to /usr/local/directadmin/data/admin/.lego/accounts/acme-staging-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
2021/04/20 12:53:31 [INFO] acme: Registering account for [email protected]
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/usr/local/directadmin/data/admin/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2021/04/20 12:53:32 [INFO] [mail.domain.tld, www.mail.domain.tld, mail.mail.domain.tld, ftp.mail.domain.tld, pop.mail.domain.tld, smtp.mail.domain.tld] acme: Obtaining SAN certificate given a CSR
2021/04/20 12:53:33 [INFO] [ftp.mail.domain.tld] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/31778246
2021/04/20 12:53:33 [INFO] [mail.mail.domain.tld] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/31778247
2021/04/20 12:53:33 [INFO] [mail.domain.tld] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/31778248
2021/04/20 12:53:33 [INFO] [pop.mail.domain.tld] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/31778249
2021/04/20 12:53:33 [INFO] [smtp.mail.domain.tld] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/31778250
2021/04/20 12:53:33 [INFO] [www.mail.domain.tld] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/31778251
2021/04/20 12:53:33 [INFO] [ftp.mail.domain.tld] acme: Could not find solver for: tls-alpn-01
2021/04/20 12:53:33 [INFO] [ftp.mail.domain.tld] acme: use http-01 solver
2021/04/20 12:53:33 [INFO] [smtp.mail.domain.tld] acme: Could not find solver for: tls-alpn-01
2021/04/20 12:53:33 [INFO] [smtp.mail.domain.tld] acme: use http-01 solver
2021/04/20 12:53:33 [INFO] [mail.mail.domain.tld] acme: Could not find solver for: tls-alpn-01
2021/04/20 12:53:33 [INFO] [mail.mail.domain.tld] acme: use http-01 solver
2021/04/20 12:53:33 [INFO] [mail.domain.tld] acme: Could not find solver for: tls-alpn-01
2021/04/20 12:53:33 [INFO] [mail.domain.tld] acme: use http-01 solver
2021/04/20 12:53:33 [INFO] [pop.mail.domain.tld] acme: Could not find solver for: tls-alpn-01
2021/04/20 12:53:33 [INFO] [pop.mail.domain.tld] acme: use http-01 solver
2021/04/20 12:53:33 [INFO] [www.mail.domain.tld] acme: Could not find solver for: tls-alpn-01
2021/04/20 12:53:33 [INFO] [www.mail.domain.tld] acme: use http-01 solver
2021/04/20 12:53:33 [INFO] [ftp.mail.domain.tld] acme: Trying to solve HTTP-01
2021/04/20 12:53:46 [INFO] [ftp.mail.domain.tld] The server validated our request
2021/04/20 12:53:46 [INFO] [smtp.mail.domain.tld] acme: Trying to solve HTTP-01
2021/04/20 12:53:50 [INFO] [smtp.mail.domain.tld] The server validated our request
2021/04/20 12:53:50 [INFO] [mail.mail.domain.tld] acme: Trying to solve HTTP-01
2021/04/20 12:53:55 [INFO] [mail.mail.domain.tld] The server validated our request
2021/04/20 12:53:55 [INFO] [mail.domain.tld] acme: Trying to solve HTTP-01
2021/04/20 12:53:57 [INFO] [mail.domain.tld] The server validated our request
2021/04/20 12:53:57 [INFO] [pop.mail.domain.tld] acme: Trying to solve HTTP-01
2021/04/20 12:54:04 [INFO] [pop.mail.domain.tld] The server validated our request
2021/04/20 12:54:04 [INFO] [www.mail.domain.tld] acme: Trying to solve HTTP-01
2021/04/20 12:54:11 [INFO] [www.mail.domain.tld] The server validated our request
2021/04/20 12:54:11 [INFO] [mail.domain.tld, www.mail.domain.tld, mail.mail.domain.tld, ftp.mail.domain.tld, pop.mail.domain.tld, smtp.mail.domain.tld] acme: Validations succeeded; requesting certificates
2021/04/20 12:54:17 [INFO] [mail.domain.tld] Server responded with a certificate.
+ '[' 0 -eq 0 ']'
++ grep '^subjectAltName' /usr/local/directadmin/conf/ca.san_config
++ cut -d, -f1
++ perl -p0 -e 's|DNS:||g'
++ cut -d= -f2
++ tr '*' _
+ CERT_DOMAIN_FILE=mail.domain.tld
+ '[' -s /usr/local/directadmin/data/admin/.lego/certificates/mail.domain.tld.crt ']'
+ cp -pf /usr/local/directadmin/data/admin/.lego/certificates/mail.domain.tld.crt /usr/local/directadmin/conf/cacert.pem.new
+ echo -n 'Checking Certificate Private key match... '
Checking Certificate Private key match... ++ checkPrivPubMatch /usr/local/directadmin/conf/cakey.pem.new /usr/local/directadmin/conf/cacert.pem.new
++ PRIV=/usr/local/directadmin/conf/cakey.pem.new
++ PUB=/usr/local/directadmin/conf/cacert.pem.new
++ '[' -f /usr/local/directadmin/conf/cakey.pem.new ']'
++ '[' -f /usr/local/directadmin/conf/cacert.pem.new ']'
++ true
+++ openssl pkey -pubout -in /usr/local/directadmin/conf/cakey.pem.new
+++ openssl md5
++ MD5SUMPRIVMOD='(stdin)= 8132b2429a37eed5767018e1f9e3bfda'
+++ openssl x509 -pubkey -in /usr/local/directadmin/conf/cacert.pem.new -noout
+++ openssl md5
++ MD5SUMPUBMOD='(stdin)= 8132b2429a37eed5767018e1f9e3bfda'
++ '[' '(stdin)= 8132b2429a37eed5767018e1f9e3bfda' = '(stdin)= 8132b2429a37eed5767018e1f9e3bfda' ']'
++ echo 0
+ CHECKPRIVPUBRES=0
+ '[' 0 -eq 0 ']'
+ echo 'Match!'
Match!
+ '[' '!' -s /usr/local/directadmin/conf/cakey.pem.new ']'
+ '[' '!' -s /usr/local/directadmin/conf/cacert.pem.new ']'
+ /bin/mv -f /usr/local/directadmin/conf/cakey.pem.new /usr/local/directadmin/conf/cakey.pem
+ /bin/mv -f /usr/local/directadmin/conf/cacert.pem.new /usr/local/directadmin/conf/cacert.pem
+ '[' -s /usr/local/directadmin/data/admin/.lego/certificates/mail.domain.tld.issuer.crt ']'
+ cat /usr/local/directadmin/conf/cacert.pem /usr/local/directadmin/data/admin/.lego/certificates/mail.domain.tld.issuer.crt
+ date +%s
+ chown diradmin:access /usr/local/directadmin/conf/cakey.pem /usr/local/directadmin/conf/cacert.pem /usr/local/directadmin/conf/cacert.pem.combined /usr/local/directadmin/conf/carootcert.pem /usr/local/directadmin/conf/ca.csr /usr/local/directadmin/conf/cacert.pem.creation_time
+ chmod 640 /usr/local/directadmin/conf/cakey.pem /usr/local/directadmin/conf/cacert.pem /usr/local/directadmin/conf/cacert.pem.combined /usr/local/directadmin/conf/carootcert.pem /usr/local/directadmin/conf/ca.csr /usr/local/directadmin/conf/cacert.pem.creation_time
+ '[' 1 -eq 1 ']'
+ echo 'DirectAdmin certificate has been setup.'
DirectAdmin certificate has been setup.
+ echo 'Setting up cert for Exim...'
Setting up cert for Exim...
+ EXIMKEY=/etc/exim.key
+ EXIMCERT=/etc/exim.cert
+ cp -f /usr/local/directadmin/conf/cakey.pem /etc/exim.key
+ cat /usr/local/directadmin/conf/cacert.pem /usr/local/directadmin/conf/carootcert.pem
+ chown mail:mail /etc/exim.key /etc/exim.cert
+ chmod 600 /etc/exim.key /etc/exim.cert
+ echo 'action=exim&value=restart'
+ echo 'action=dovecot&value=restart'
+ echo 'Setting up cert for WWW server...'
Setting up cert for WWW server...
+ '[' -d /etc/httpd/conf/ssl.key ']'
+ '[' -d /etc/nginx/ssl.key ']'
+ '[' -d /etc/nginx/ssl.crt ']'
+ NGINXKEY=/etc/nginx/ssl.key/server.key
+ NGINXCERT=/etc/nginx/ssl.crt/server.crt
+ NGINXCACERT=/etc/nginx/ssl.crt/server.ca
+ NGINXCERTCOMBINED=/etc/nginx/ssl.crt/server.crt.combined
+ cp -f /usr/local/directadmin/conf/cakey.pem /etc/nginx/ssl.key/server.key
+ cp -f /usr/local/directadmin/conf/cacert.pem /etc/nginx/ssl.crt/server.crt
+ cp -f /usr/local/directadmin/conf/carootcert.pem /etc/nginx/ssl.crt/server.ca
+ cat /etc/nginx/ssl.crt/server.crt /etc/nginx/ssl.crt/server.ca
+ chown root:root /etc/nginx/ssl.key/server.key /etc/nginx/ssl.crt/server.crt /etc/nginx/ssl.crt/server.ca /etc/nginx/ssl.crt/server.crt.combined
+ chmod 600 /etc/nginx/ssl.key/server.key /etc/nginx/ssl.crt/server.crt /etc/nginx/ssl.crt/server.ca /etc/nginx/ssl.crt/server.crt.combined
+ echo 'action=nginx&value=restart&affect_php_fpm=no'
+ '[' -d /usr/local/lsws/ssl.key ']'
+ '[' -d /usr/local/lsws/ssl.crt ']'
+ OLSKEY=/usr/local/lsws/ssl.key/server.key
+ OLSCERT=/usr/local/lsws/ssl.crt/server.crt
+ OLSCACERT=/usr/local/lsws/ssl.crt/server.ca
+ OLSCERTCOMBINED=/usr/local/lsws/ssl.crt/server.crt.combined
+ cp -f /usr/local/directadmin/conf/cakey.pem /usr/local/lsws/ssl.key/server.key
+ cp -f /usr/local/directadmin/conf/cacert.pem /usr/local/lsws/ssl.crt/server.crt
+ cp -f /usr/local/directadmin/conf/carootcert.pem /usr/local/lsws/ssl.crt/server.ca
+ cat /usr/local/lsws/ssl.crt/server.crt /usr/local/lsws/ssl.crt/server.ca
+ chown root:root /usr/local/lsws/ssl.key/server.key /usr/local/lsws/ssl.crt/server.crt /usr/local/lsws/ssl.crt/server.ca /usr/local/lsws/ssl.crt/server.crt.combined
+ chmod 600 /usr/local/lsws/ssl.key/server.key /usr/local/lsws/ssl.crt/server.crt /usr/local/lsws/ssl.crt/server.ca /usr/local/lsws/ssl.crt/server.crt.combined
+ echo 'action=openlitespeed&value=restart&affect_php_fpm=no'
+ echo 'Setting up cert for FTP server...'
Setting up cert for FTP server...
+ cat /usr/local/directadmin/conf/cakey.pem /usr/local/directadmin/conf/cacert.pem /usr/local/directadmin/conf/carootcert.pem
+ chmod 600 /etc/pure-ftpd.pem
+ chown root:root /etc/pure-ftpd.pem
+ /usr/local/directadmin/directadmin c
+ grep -m1 -q '^pureftp=1$'
+ echo 'action=proftpd&value=restart'
+ echo 'action=directadmin&value=restart'
+ echo 'The services will be restarted in about 1 minute via the dataskq.'
The services will be restarted in about 1 minute via the dataskq.
+ run_dataskq
+ DATASKQ_OPT=
+ /usr/local/directadmin/dataskq --custombuild

+ echo 'Certificate for mail.domain.tld has been created successfully!'
Certificate for mail.domain.tld has been created successfully!

The test with the current version of letsencrypt.sh:

# staging=yes bash -x ./letsencrypt.sh request mail.domain.tld
++ /usr/bin/id -u
+ MYUID=0
+ '[' 0 '!=' 0 ']'
+ export EXEC_PROPAGATION_TIMEOUT=300
+ EXEC_PROPAGATION_TIMEOUT=300
+ export EXEC_POLLING_INTERVAL=5
+ EXEC_POLLING_INTERVAL=5
+ LEGO=/usr/local/bin/lego
+ DNS_SERVER=8.8.8.8
+ DNS6_SERVER=2001:4860:4860::8888
+ NEW_IP=1.1.1.1
+ NEW6_IP=2606:4700:4700::1111
+ DA_IPV6=false
+ TASK_QUEUE=/usr/local/directadmin/data/task.queue.cb
+ LEGO_DATA_PATH=/usr/local/directadmin/data/.lego
+ '[' 2 -lt 2 ']'
+ '[' 2 -lt 3 ']'
+ KEY_SIZE=ec256
+ ECC_USED=true
+ ECC=secp384r1
+ KEY_SIZE=
+ '[' '' = secp384r1 ']'
+ '[' '' = prime256v1 ']'
+ '[' '' = 4096 ']'
+ '[' '' = 2048 ']'
+ '[' '' = 8192 ']'
+ ECC=prime256v1
+ KEY_SIZE=ec256
+ ECC_USED=true
+ DA_BIN=/usr/local/directadmin/directadmin
+ '[' '!' -s /usr/local/directadmin/directadmin ']'
+ '[' request = present ']'
+ '[' request = cleanup ']'
+ /usr/local/directadmin/directadmin c
+ grep -m1 -q '^ipv6=1$'
+ CURL=/usr/local/bin/curl
+ '[' '!' -x /usr/local/bin/curl ']'
+ DIG=/usr/bin/dig
+ '[' '!' -x /usr/bin/dig ']'
+ '[' yes = yes ']'
+ API_URI=acme-staging-v02.api.letsencrypt.org
+ API=https://acme-staging-v02.api.letsencrypt.org
+ CHALLENGETYPE=http
+ GENERAL_TIMEOUT=40
+ CURL_OPTIONS='--connect-timeout 40 -k --silent'
++ uname
+ OS=Linux
+ OPENSSL=/usr/bin/openssl
++ date +%s
+ TIMESTAMP=1618935614
++ /usr/local/directadmin/directadmin c
++ cut -d= -f2
++ grep '^letsencrypt='
+ LETSENCRYPT_OPTION=1
++ /usr/local/directadmin/directadmin c
++ grep '^secure_access_group='
++ cut -d= -f2
+ ACCESS_GROUP_OPTION=access
+ FILE_CHOWN=diradmin:mail
+ FILE_CHMOD=640
+ '[' access '!=' '' ']'
+ FILE_CHOWN=diradmin:access
+ '[' '!' -x /usr/local/bin/lego ']'
+ DOCUMENT_ROOT=
+ WELLKNOWN_PATH=/var/www/html/.well-known/acme-challenge
+ '[' '!' -z '' ']'
+ APPEND_SERVER='-s https://acme-staging-v02.api.letsencrypt.org/directory'
++ hostname -f
+ SERVER_HOSTNAME=mail.domain.tld
+ '[' -z mail.domain.tld ']'
+ '[' '!' -s /usr/local/directadmin/data/users/admin/user.conf ']'
+ ADMIN_USERCONF=/usr/local/directadmin/data/users/admin/user.conf
+ '[' '!' -z /usr/local/directadmin/data/users/admin/user.conf ']'
+ '[' -s /usr/local/directadmin/data/users/admin/user.conf ']'
++ grep -m1 '^email=' /usr/local/directadmin/data/users/admin/user.conf
++ cut -d= -f2
++ cut -d, -f1
+ EMAIL=[email protected]
+ '[' -z [email protected] ']'
+ DOMAIN=mail.domain.tld
+ CHILD_DOMAIN=false
+ '[' '' '!=' yes ']'
+ FOUNDDOMAIN=0
++ echo mail.domain.tld
++ tr , ' '
+ for TDOMAIN in '`echo "${DOMAIN}" | tr '\'','\'' '\'' '\''`'
+ DOMAIN_NAME_FOUND=mail.domain.tld
++ echo mail.domain.tld
++ perl -p0 -e 's#\.#\\.#g'
+ DOMAIN_ESCAPED='mail\.puyehuechile\.cl'
+ grep -m1 -q '^mail\.puyehuechile\.cl:' /etc/virtual/domainowners
+ '[' 0 = 0 ']'
++ echo mail.domain.tld
++ tr , ' '
+ for TDOMAIN in '`echo "${DOMAIN}" | tr '\'','\'' '\'' '\''`'
++ echo mail.domain.tld
++ grep -o '\.'
++ wc -l
+ '[' 2 -gt 1 ']'
++ echo mail.domain.tld
++ cut -d. -f1
+ CHILD_NAME=mail
++ echo mail.domain.tld
++ perl -p0 -e 's|^[^\.]*\.||g'
+ PARENT_DOMAIN_NAME_FOUND=domain.tld
++ echo domain.tld
++ perl -p0 -e 's#\.#\\.#g'
+ PARENT_DOMAIN_ESCAPED='puyehuechile\.cl'
++ grep -m1 '^puyehuechile\.cl:' /etc/virtual/domainowners
++ cut '-d ' -f2
+ PARENT_DOMAIN_OWNER_USER=puyehuec
+ '[' -s /usr/local/directadmin/data/users/puyehuec/domains/domain.tld.subdomains ']'
+ '[' 0 = 0 ']'
++ echo mail.domain.tld
++ tr , ' '
+ for TDOMAIN in '`echo "${DOMAIN}" | tr '\'','\'' '\'' '\''`'
++ echo mail.domain.tld
++ grep -o '\.'
++ wc -l
+ '[' 2 -gt 1 ']'
+ '[' 0 = 0 ']'
++ echo mail.domain.tld
++ cut -d. -f1
+ CHILD_NAME=mail
++ echo mail.domain.tld
++ perl -p0 -e 's|^[^\.]*\.||g'
+ PARENT_DOMAIN_NAME_FOUND=domain.tld
++ echo domain.tld
++ perl -p0 -e 's#\.#\\.#g'
+ PARENT_DOMAIN_ESCAPED='puyehuechile\.cl'
++ grep -m1 '^puyehuechile\.cl:' /etc/virtual/domainowners
++ cut '-d ' -f2
+ PARENT_DOMAIN_OWNER_USER=puyehuec
++ /usr/local/directadmin/directadmin c
++ cut -d= -f2
++ grep -m1 '^letsencrypt_list='
++ tr : ' '
+ LETSENCRYPT_LIST='www mail ftp pop smtp'
+ for letsencrypt_prefix in '${LETSENCRYPT_LIST}'
+ '[' mail = www ']'
+ for letsencrypt_prefix in '${LETSENCRYPT_LIST}'
+ '[' mail = mail ']'
+ DOMAIN_NAME_FOUND=mail.domain.tld
++ echo mail.domain.tld
++ perl -p0 -e 's#\.#\\.#g'
+ DOMAIN_ESCAPED='mail\.puyehuechile\.cl'
+ USER=puyehuec
+ HOSTNAME=0
+ FOUNDDOMAIN=1
+ CHILD_DOMAIN=true
+ break
+ '[' 1 = 0 ']'
+ '[' 1 -eq 0 ']'
+ CSR_CF_FILE=
+ DA_USERDIR=/usr/local/directadmin/data/users/puyehuec
+ DA_CONFDIR=/usr/local/directadmin/conf
+ HOSTNAME_DIR=/var/www/html
+ '[' '!' -d /usr/local/directadmin/data/users/puyehuec ']'
+ '[' '!' -d /usr/local/directadmin/conf ']'
+ '[' 0 -eq 0 ']'
+ DNSPROVIDER_FALLBACK=/usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.dnsprovider
+ '[' -s /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.dnsprovider ']'
+ KEY=/usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.key
+ CERT=/usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cert
+ CACERT=/usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cacert
+ '[' '' '!=' '' ']'
+ /usr/local/directadmin/directadmin c
+ grep -m1 -q '^letsencrypt=2$'
+ DOMAIN_DIR=/var/www/html
+ WELLKNOWN_PATH=/var/www/html/.well-known/acme-challenge
+ '[' -s /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cert ']'
+ '[' request = request ']'
+ echo mail.domain.tld
+ grep -m1 -q ,
+ '[' -s '' ']'
+ '[' -s /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cert ']'
+ '[' 0 -eq 0 ']'
+ true
+ '[' '!' -e /var/www/html ']'
+ echo mail.domain.tld
+ grep -m1 -q ,
+ DOMAINS=mail.domain.tld
+ DOMAIN_FLAG='-d mail.domain.tld'
+ FIRST_DOMAIN=mail.domain.tld
+ CHALLENGETYPE=http
+ '[' -s /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.dnsprovider ']'
+ '[' '!' -z '' ']'
+ echo '-d mail.domain.tld'
+ grep -m1 -q '*\.'
++ echo mail.domain.tld
++ perl -p0 -e 's/,/ /g'
++ perl -p0 -e 's/^\*.//g'
+ for domain_name in '`echo ${DOMAIN} | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g"`'
+ caa_check mail.domain.tld
+ CAA_OK=true
++ /usr/bin/dig @8.8.8.8 AAAA mail.domain.tld +short
++ grep -v '\.$'
++ tail -n1
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
++ echo mail.domain.tld
++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA domain.tld @8.8.8.8
+ grep -m1 -q -F -- SERVFAIL
+ for i in '`echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\''`'
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8 +short
+ grep -m1 -q -F -- issue
+ grep -m1 -q -F -- SERVFAIL
+ /usr/bin/dig CAA mail.domain.tld @8.8.8.8
+ true
+ '[' http = http ']'
+ challenge_check mail.domain.tld
+ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'
++ openssl rand -hex 8
+ RAND_BITS=0ceebce1c7e17330
+ TEMP_FILENAME=letsencrypt_1618935614_0ceebce1c7e17330
+ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1618935614_0ceebce1c7e17330
+ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1618935614_0ceebce1c7e17330
+ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1618935614_0ceebce1c7e17330
+ CURL_RESOLV_OPTIONS=
++ /usr/bin/dig @8.8.8.8 AAAA mail.domain.tld +short
++ grep -v '\.$'
++ tail -n1
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
+ echo ''
+ grep -m1 -q :
+ IP_TO_RESOLV=
+ '[' -z '' ']'
++ /usr/bin/dig @8.8.8.8 mail.domain.tld +short
++ tail -n1
+ IP_TO_RESOLV=1.2.3.4
++ tail -n1
++ /usr/bin/dig mail.domain.tld +short
+ CURRENT_RESOLV=1.2.3.4
+ '[' -z 1.2.3.4 ']'
+ '[' -x /sbin/ping6 ']'
+ false
+ ping6 -q -c 1 -W 1 mail.domain.tld
++ /usr/bin/dig @8.8.8.8 mail.domain.tld +short
++ tail -n1
+ IP_TO_RESOLV=1.2.3.4
++ /usr/bin/dig mail.domain.tld +short
++ tail -n1
+ CURRENT_RESOLV=1.2.3.4
+ '[' '!' -z 1.2.3.4 ']'
+ /usr/local/bin/curl --help connection
+ grep -m1 -q resolve
+ CURL_RESOLV_OPTIONS='--resolve mail.domain.tld:80:1.2.3.4 --resolve mail.domain.tld:443:1.2.3.4'
+ /usr/local/bin/curl --connect-timeout 40 -k --silent --resolve mail.domain.tld:80:1.2.3.4 --resolve mail.domain.tld:443:1.2.3.4 -I -L -X GET http://mail.domain.tld/.well-known/acme-challenge/letsencrypt_1618935614_0ceebce1c7e17330
+ grep -m1 -q 'HTTP.*200'
+ '[' '' = silent ']'
+ '[' -e /var/www/html/.well-known/acme-challenge/letsencrypt_1618935614_0ceebce1c7e17330 ']'
+ rm -f /var/www/html/.well-known/acme-challenge/letsencrypt_1618935614_0ceebce1c7e17330
+ '[' request = request_full ']'
+ '[' request = request_single ']'
+ '[' request = request ']'
+ /usr/local/bin/lego --path /usr/local/directadmin/data/.lego --dns.resolvers 8.8.8.8 --accept-tos -s https://acme-staging-v02.api.letsencrypt.org/directory -m [email protected] --http --http.webroot /var/www/html -d mail.domain.tld --key-type ec256 run --no-bundle
2021/04/20 12:20:15 [INFO] [mail.domain.tld] acme: Obtaining SAN certificate
2021/04/20 12:20:16 [INFO] [mail.domain.tld] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/31752549
2021/04/20 12:20:16 [INFO] [mail.domain.tld] acme: authorization already valid; skipping challenge
2021/04/20 12:20:16 [INFO] [mail.domain.tld] acme: Validations succeeded; requesting certificates
2021/04/20 12:20:18 [INFO] [mail.domain.tld] Server responded with a certificate.
+ '[' 0 -eq 0 ']'
+ '[' '' '!=' yes ']'
++ echo mail.domain.tld
++ tr '*' _
+ CERT_DOMAIN_FILE=mail.domain.tld
+ LEGO_CERT_PATH=/usr/local/directadmin/data/.lego/certificates/mail.domain.tld.crt
+ LEGO_KEY_PATH=/usr/local/directadmin/data/.lego/certificates/mail.domain.tld.key
++ echo /usr/local/directadmin/data/.lego/certificates/mail.domain.tld.crt
++ perl -p0 -e 's|\.crt$|.issuer.crt|g'
+ LEGO_ISSUER_CERT_PATH=/usr/local/directadmin/data/.lego/certificates/mail.domain.tld.issuer.crt
+ '[' -s /usr/local/directadmin/data/.lego/certificates/mail.domain.tld.crt ']'
+ '[' -s /usr/local/directadmin/data/.lego/certificates/mail.domain.tld.key ']'
++ grep -c 'BEGIN CERTIFICATE' /usr/local/directadmin/data/.lego/certificates/mail.domain.tld.crt
+ '[' 3 -eq 1 ']'
+ /usr/bin/openssl x509 -in /usr/local/directadmin/data/.lego/certificates/mail.domain.tld.crt -out /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cert
+ cp -pf /usr/local/directadmin/data/.lego/certificates/mail.domain.tld.key /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.key
+ '[' -s /usr/local/directadmin/data/.lego/certificates/mail.domain.tld.issuer.crt ']'
+ cp -pf /usr/local/directadmin/data/.lego/certificates/mail.domain.tld.issuer.crt /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cacert
+ cat /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cert /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cacert
+ date +%s
+ chown diradmin:access /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.key /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cert /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cert.combined /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cacert /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cert.creation_time
+ chmod 640 /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.key /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cert /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cert.combined /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cacert /usr/local/directadmin/data/users/puyehuec/domains/mail.domain.tld.cert.creation_time
+ echo 'Certificate for mail.domain.tld has been created successfully!'
Certificate for mail.domain.tld has been created successfully!
+ '[' '' '!=' yes ']'
+ '[' 0 -eq 1 ']'

Any ideas?

Thanks!
Regards
 
That domain can steal mail.domain.com anytime :) I'd suggest taking mail out of letsencrypt_list in /usr/local/directadmin/conf/directadmin.conf; this should solve your problem.

Per-domain mail.domain.com should still be valid for all the incoming connections of any other accounts, as SNI is in effect. It may require a pre-release of DA to be 'recognized' though.
 
Hi!

But why, with an older version of letsencrypt.sh, is the certificate generated and installed without problems?


Or, if DirectAdmin knows which domain is associated with the hostname (servername in directadmin.conf), why isn't the certificate for the hostname/server-wide handled differently from the certificates associated with the hosting accounts?

Something like: ./letsencrypt.sh request --hostname $servername 4096

To avoid the script iterating and trying to associate the certificate with a parent domain of a hosting account.

If it can be a known problem, why not create a difference to avoid the issue?

It's an opportunity, not a bug :)

Thanks!
 
But why, with an older version of letsencrypt.sh, is the certificate generated and installed without problems?
Because it did not support separate certificates for subdomains.

Domain/subdomain takes priority over a hostname. So, if you make it not think it's a domain entry, it'd generate the certificate for the hostname then. Now you have mail.domain.com defined as domain.com entry in directadmin.conf.
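
Added example, not part of the thread or of letsencrypt.sh: a check an administrator could run to see whether the hostname certificate last landed under a user account or server-wide, which is the condition behind the daily re-requests described above. The paths are the ones shown in this thread; the function names are hypothetical, and the `*.creation_time` files are assumed to contain `date +%s` output.

```shell
#!/bin/sh
# Added example (not part of letsencrypt.sh). Paths follow the trace in this
# thread; *.creation_time files are assumed to hold an epoch from `date +%s`.

# Print the epoch stored in a creation_time file, or 0 if missing or empty.
read_epoch() {
    [ -s "$1" ] || { echo 0; return; }
    v=$(tr -cd '0-9' < "$1")
    echo "${v:-0}"
}

# hostname_cert_status DA_ROOT HOSTNAME
# Prints one line: "server-wide", "user:<name>" or "none".
# "user:<name>" means a per-user copy is newer than the server-wide stamp,
# so conf/cacert.pem.creation_time is not being refreshed by renewals.
hostname_cert_status() {
    da_root=$1
    host=$2
    server_ts=$(read_epoch "$da_root/conf/cacert.pem.creation_time")
    newest_user=
    newest_ts=0
    for f in "$da_root"/data/users/*/domains/"$host".cert.creation_time; do
        [ -e "$f" ] || continue          # glob matched nothing
        ts=$(read_epoch "$f")
        if [ "$ts" -gt "$newest_ts" ]; then
            newest_ts=$ts
            newest_user=${f#"$da_root"/data/users/}
            newest_user=${newest_user%%/*}
        fi
    done
    if [ "$newest_ts" -gt "$server_ts" ]; then
        echo "user:$newest_user"
    elif [ "$server_ts" -gt 0 ]; then
        echo "server-wide"
    else
        echo "none"
    fi
}

# Example call: sh check.sh /usr/local/directadmin mail.domain.tld
if [ $# -eq 2 ]; then
    hostname_cert_status "$1" "$2"
fi
```

A `user:<name>` result for the server hostname is worth alerting on before the CA's rate limit is reached.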
 
Now you have mail.domain.com defined as domain.com entry in directadmin.conf.
That's what always has disturbed me in cPanel, where this is a default. Never liked that. I like the difference in DA much more stating it as mail.domain.com which is also more clear that it's about mail and not the domain.
 