LetsEncrypt request fails because wrong domain being used in request to LE API

[gvsteyvo]

I recently came across this issue that the LetsEncrypt request process (User Level / SSL Certificates) fails because the process uses the data from the
/usr/local/directadmin/data/users/admin/user.conf file to request the certificate at LetsEncrypt, rather than the real domain name I'm requesting the cert for. Let's say the domain is gvsteyvo.be and that the username on the system is gvsteyvo, so it should use the parameters /usr/local/directadmin/data/users/gvsteyvo/user.conf.

In the general /usr/local/directadmin/data/users/admin/user.conf file, the domain name is listed as example.com, so this is what the request to LE looks like when doing it from DA:

Found wildcard domain name and http challenge type, switching to dns-01 validation.
2025/08/19 12:12:25 No key found for account [email protected]. Generating a P256 key.
2025/08/19 12:12:25 Saved key to /usr/local/directadmin/data/.lego/accounts/acme-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
2025/08/19 12:12:25 [INFO] acme: Registering account for [email protected]
2025/08/19 12:12:26 Could not complete registration
acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietfarams:acme:error:invalidContact :: Error validating contact(s) :: contact email has forbidden domain "example.com"
Failed to issue new certificate

Which ofcourse is refused.

Any known workarounds (other than me manipulating the admin/user.conf file ofcourse)?

 

[zEitEr]

Hello,

Is there any chance you used the domain gvsteyvo.be as a hostname? Do you have subdomains created in the domain gvsteyvo.be under other user accounts?

How do you request a new certificate? Do you use command line or directadmin interface? Do you renew an existing certificate? Or request a new one?

In anyway you might try and remove *cert, *cacert, *key files from the directory /usr/local/directadmin/data/users/gvsteyvo/domains/ and try again.