Setup seems to be stuck on Trying to issue automatic TLS certificate

security.txt is generated from the DirectAdmin socket; no public files are stored in the user directory.

Sorry, I mixed up Mail_AutoConfig and security.txt.
 
Then probably you are on a legacy license, because then it only contains the index.html. The security.txt is for modern license only.

If you do have a modern license, did you enable security.txt in the user package?
What is a legacy licence? I have a personal plus license.
And yes, security.txt is enabled.
 
What is a legacy licence? I have a personal plus license.
Personal plus is also a modern license. Then you should check if security.txt is enabled in the user package.
The template file is here, but is filled by DA, so you don't need to change it.
/usr/local/directadmin/data/templates/security.txt
 
Personal plus is also a modern license. Then you should check if security.txt is enabled in the user package.
The template file is here, but is filled by DA, so you don't need to change it.
/usr/local/directadmin/data/templates/security.txt
This is what's in the /usr/local/directadmin/data/templates/security.txt
Contact: mailto:|EMAILADDRESS|
Expires: |EXPIRES|
 
This is what's in the /usr/local/directadmin/data/templates/security.txt
Yes I know. As said, this file will be used and filled automatically when enabled for a user in the user packages.

Edit: In the personal plus license you should have it enabled for admin, or it should be possible to enable it for admin in the user options.
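One way to check what a domain actually serves at /.well-known/security.txt once the template has been filled in, as an added example that is not part of the thread and not DirectAdmin's code. The placeholder pattern is an assumption generalised from the two tokens in the template above, the function name is hypothetical, and the sample bodies are constructed.

```python
import re
from datetime import datetime, timezone

# DirectAdmin-style template token such as |EMAILADDRESS| (pattern is an
# assumption generalised from the two tokens shown in the template).
PLACEHOLDER = re.compile(r"\|[A-Z0-9_]+\|")
CONTACT_SCHEMES = ("mailto:", "https://", "tel:")


def check_security_txt(body, now=None):
    """Return a list of problems in a served security.txt body; [] means it passes."""
    now = now or datetime.now(timezone.utc)
    problems, fields = [], {}
    for lineno, raw in enumerate(body.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):          # blank line or comment
            continue
        if PLACEHOLDER.search(line):
            problems.append(f"line {lineno}: unfilled template token in {line!r}")
            continue
        name, sep, value = line.partition(":")
        if not sep or not value.strip():
            problems.append(f"line {lineno}: not a 'Field: value' line: {line!r}")
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())

    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("no usable Contact field (RFC 9116 requires at least one)")
    for contact in contacts:
        if not contact.lower().startswith(CONTACT_SCHEMES):
            problems.append(f"Contact is not a mailto:, https: or tel: URI: {contact!r}")

    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append(f"expected exactly one usable Expires field, found {len(expires)}")
    else:
        try:
            when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
            if when.tzinfo is None:
                raise ValueError("no UTC offset")
        except ValueError as exc:
            problems.append(f"Expires is not an RFC 3339 timestamp ({exc}): {expires[0]!r}")
        else:
            if when <= now:
                problems.append(f"Expires date has passed: {expires[0]}")
    return problems


# Constructed sample bodies (not taken from any real server).
SAMPLES = {
    "raw template": "Contact: mailto:|EMAILADDRESS|\nExpires: |EXPIRES|\n",
    "rendered": "Contact: mailto:admin@example.test\nExpires: 2099-01-01T00:00:00Z\n",
    "stale": "Contact: mailto:admin@example.test\nExpires: 2020-01-01T00:00:00Z\n",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, "->", check_security_txt(body) or "OK")
```

Feed it the body returned by the web server rather than the template file, since the template on disk always contains the tokens.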
 
That script doesn't work for me either; the outcome stays the same.
Already made a ticket at Directadmin about it.
 
Maybe that's the best idea. Please let us know the solution if you get it.
There was an issue with ip6 and I had to figure that one out, so in /etc/httpd/ips.conf I added my ip6 address for both ports.
I did the same in /etc/httpd/extra/httpd_vhosts.conf
I also did the same in /usr/local/directadmin/data/users/username/httpd.conf in brackets [ ]
Then I had to enter all the domains' DNS into the acme settings for TLS running here on my server, otherwise the SSL won't work.
I tried to make a new SSL request, and in /usr/local/directadmin/data/users/username/httpd.conf the ip6 disappeared again from the virtualhost.
So in my /usr/local/directadmin/conf/directadmin.conf I added the ip6 to my lan_ip after the ip4, saved it, and restarted httpd and DirectAdmin, so hopefully it sticks now.

The security.txt now shows no error and instead it shows the corresponding email address.
Fingers crossed that it stays that way. I also had a look at the server IPs management and there are 3 IPs: one internal linked to nothing,
and the ip6 linked to the ip4 and only dns not apache and vice versa.

Everything is working for now. I might have overlooked something, but time will tell.
I also sent what I just wrote to DirectAdmin, just in case I made a mistake, and they will let me know.

 
I had a look at the server IPs management and there are 3 IPs: one internal linked to nothing,
and the ip6 linked to the ip4 and only dns not apache and vice versa.
I doubt if everything will keep working correctly if you have done all manually, so let's keep our hopes up.
However, are you sure you linked the ipv6 to your ipv4 and not the other way around?
Normally in ip manager, you have to click the ipv4 and then select the ipv6 you want linked to it, so no clicking ipv6. If you did that and selected the ipv4, then that would cause ipv6 not working correctly and being absent from apache.

Indeed an ipv6 issue was already mentioned in the other post.
 
Today I just installed a new AlmaLinux 9 server and it went well, including a predefined hostname that uses DNS from Cloudflare with "grey cloud".

IP Link is still working normally. In the IP Manager, make sure you open the primary IPv4, go to the IP Link tab, and link the IPv6 with all the IP Link options ticked.
 
Well, it stays weird: after doing what you all suggested, security.txt gives the error again.
yet the outcome of curl -6 -IL is this:
[root@server ~]# curl -6 -IL http://duraweb.eu
HTTP/1.1 200 OK
Date: Sat, 09 Aug 2025 16:12:02 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 07 Aug 2025 13:59:45 GMT
ETag: "2f-63bc6deaa2793"
Accept-Ranges: bytes
Content-Length: 47
Vary: User-Agent
Content-Type: text/html

[root@server ~]# curl -6 -IL https://duraweb.eu
HTTP/2 200
last-modified: Thu, 07 Aug 2025 13:59:45 GMT
etag: "2f-63bc6deaa2793"
accept-ranges: bytes
content-length: 47
vary: User-Agent
content-type: text/html
date: Sat, 09 Aug 2025 16:12:15 GMT
server: Apache/2

That seems to be right, but why the error in security.txt????
If I do as I mentioned before it all checks out good, but when requesting a new SSL the ip6 disappears from the virtualhost.
So I still can't get it right, and I have no idea on how to fix this
 
Can you take a screenshot of the IP Link tab?

It should show something like this
Code:
{ IPV6 }   ........  Added to DNS ( Yes ) Added to Apache ( Yes )


and just test with
Code:
da build rewrite_confs
After executing this command, both IPs should be in the virtualhost.
 
The only reason the script /usr/local/directadmin/scripts/letsencrypt.sh can freeze is a missing binary or command or a file. So the only way to check it, is to run the script in cli:

Bash:
bash -x /usr/local/directadmin/scripts/letsencrypt.sh request domain.com
Well, I installed everything from scratch again, and this time without ip6 enabled.
This is what bash -x /usr/local/directadmin/scripts/letsencrypt.sh is giving me so far. I will be patient. What it all shows beats me, but to me it looks right, and I am waiting patiently for it to finish the SAN certificate.


Bash:
Last login: Tue Aug 12 19:04:32 CEST 2025 on pts/1
[admin@server ~]$ su root
Password:
[root@server admin]# bash -x /usr/local/directadmin/scripts/letsencrypt.sh request server.duraweb.eu
+ export EXEC_PROPAGATION_TIMEOUT=300
+ EXEC_PROPAGATION_TIMEOUT=300
+ export EXEC_POLLING_INTERVAL=30
+ EXEC_POLLING_INTERVAL=30
+ DNS_SERVER=8.8.8.8
+ DNS6_SERVER=2001:4860:4860::8888
+ DA_IPV6=false
+ LEGO_DATA_PATH=/usr/local/directadmin/data/.lego
+ WELLKNOWN_PATH=/var/www/html/.well-known/acme-challenge
+ SERVER_CERT_DNSPROVIDER_ENV=/usr/local/directadmin/conf/ca.dnsprovider
+ DNS_SERVERS=("8.8.8.8" "1.1.1.1" "2001:4860:4860::8888" "2606:4700:4700::1111")
++ id -u
+ '[' 0 '!=' 0 ']'
+ '[' '!' -x /usr/local/bin/lego ']'
+ case "$1" in
+ command_do_everything request server.duraweb.eu '' ''
+ local action=request
+ DOMAIN=server.duraweb.eu
+ KEY_SIZE=
+ CSR_CF_FILE=
++ da config-get ipv6
+ '[' 1 = 1 ']'
+ command -v ping6
+ ping6 -q -c 1 -W 1 2001:4860:4860::8888
+ CHALLENGETYPE=http
++ da config-get servername
+ DA_HOSTNAME=server.duraweb.eu
+ CHILD_DOMAIN=false
+ FOUNDDOMAIN=0
++ echo server.duraweb.eu
++ tr , ' '
+ for TDOMAIN in $(echo "${DOMAIN}" | tr ',' ' ')
+ '[' server.duraweb.eu = server.duraweb.eu ']'
+ break
+ '[' 0 = 0 ']'
++ echo server.duraweb.eu
++ tr , ' '
+ for TDOMAIN in $(echo "${DOMAIN}" | tr ',' ' ')
+ '[' server.duraweb.eu = server.duraweb.eu ']'
+ break
+ '[' 0 = 0 ']'
++ da config-get letsencrypt_list
++ tr : ' '
+ LETSENCRYPT_LIST='www mail ftp pop smtp'
++ echo server.duraweb.eu
++ tr , ' '
+ for TDOMAIN in $(echo "${DOMAIN}" | tr ',' ' ')
+ '[' server.duraweb.eu = server.duraweb.eu ']'
+ break
+ '[' 0 = 0 ']'
++ echo server.duraweb.eu
++ tr , ' '
+ for TDOMAIN in $(echo "${DOMAIN}" | tr ',' ' ')
+ DOMAIN_NAME_FOUND=server.duraweb.eu
+ DOMAIN_ESCAPED='server\.duraweb\.eu'
+ USER=root
+ '[' server.duraweb.eu = server.duraweb.eu ']'
+ echo 'Setting up certificate for a hostname: server.duraweb.eu'
Setting up certificate for a hostname: server.duraweb.eu
+ HOSTNAME=1
+ FOUNDDOMAIN=1
+ grep -m1 -q '^server\.duraweb\.eu$' /etc/virtual/domains
+ break
+ '[' 1 -eq 0 ']'
+ DA_USERDIR=/usr/local/directadmin/data/users/root
+ DA_CONFDIR=/usr/local/directadmin/conf
+ '[' '!' -d /usr/local/directadmin/data/users/root ']'
+ '[' 1 -eq 0 ']'
+ '[' '!' -d /usr/local/directadmin/conf ']'
+ '[' 1 -eq 0 ']'
+ DNSPROVIDER_FALLBACK=/usr/local/directadmin/conf/ca.dnsprovider
+ KEY=/usr/local/directadmin/conf/cakey.pem
+ CERT=/usr/local/directadmin/conf/cacert.pem
+ CACERT=/usr/local/directadmin/conf/carootcert.pem
+ '[' -s /usr/local/directadmin/conf/cacert.pem ']'
+ '[' request = request ']'
+ echo server.duraweb.eu
+ grep -m1 -q ,
+ '[' -s '' ']'
+ '[' -s /usr/local/directadmin/conf/cacert.pem ']'
+ '[' 1 -eq 0 ']'
+ CHALLENGETYPE=http
+ '[' -s /usr/local/directadmin/conf/ca.dnsprovider ']'
+ '[' 1 -ne 0 ']'
++ da config-get acme_server_cert_dns_provider
+ dnsprovider=
+ '[' -n '' ']'
+ echo server.duraweb.eu
+ grep -m1 -q '\*\.'
+ '[' http = http ']'
+ RESOLVING_DOMAINS=
++ echo server.duraweb.eu
++ perl -p0 -e 's/,/ /g'
++ perl -p0 -e 's/^\*.//g'
+ for domain_name in $(echo "${DOMAIN}" | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g")
+ has_webserver
+ '[' -z '' ']'
+ ss --no-header --listening --numeric --tcp 'sport = 80'
+ grep --quiet LISTEN
+ has_webserver_rc=0
+ return 0
+ challenge_check server.duraweb.eu silent
++ openssl rand -hex 16
+ TEMP_FILENAME=letsencrypt_004dc4867db669c2889d71370b67bb81
+ touch /var/www/html/.well-known/acme-challenge/letsencrypt_004dc4867db669c2889d71370b67bb81
+ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_004dc4867db669c2889d71370b67bb81
++ fallbackedDig AAAA server.duraweb.eu +short
++ lastret=1
++ for i in "${DNS_SERVERS[@]}"
++ grep -v '\.$'
++ tail -n1
+++ dig @8.8.8.8 AAAA server.duraweb.eu +short
++ resp=
++ lastret=0
++ '[' 0 -eq 0 ']'
++ echo ''
++ return 0
+ IP_TO_RESOLV=
+ echo ''
+ grep -m1 -q :
+ IP_TO_RESOLV=
+ '[' -z '' ']'
++ fallbackedDig server.duraweb.eu +short
++ lastret=1
++ for i in "${DNS_SERVERS[@]}"
++ tail -n1
+++ dig @8.8.8.8 server.duraweb.eu +short
++ resp=195.240.80.244
++ lastret=0
++ '[' 0 -eq 0 ']'
++ echo 195.240.80.244
++ return 0
+ IP_TO_RESOLV=195.240.80.244
+ '[' -z 195.240.80.244 ']'
+ command -v ping6
+ false
+ ping6 -q -c 1 -W 1 server.duraweb.eu
++ fallbackedDig server.duraweb.eu +short
++ lastret=1
++ tail -n1
++ for i in "${DNS_SERVERS[@]}"
+++ dig @8.8.8.8 server.duraweb.eu +short
++ resp=195.240.80.244
++ lastret=0
++ '[' 0 -eq 0 ']'
++ echo 195.240.80.244
++ return 0
+ IP_TO_RESOLV=195.240.80.244
+ CURL_OPTIONS=('--connect-timeout' '40' '-k' '--silent')
+ local CURL_OPTIONS
+ '[' -n 195.240.80.244 ']'
+ CURL_OPTIONS+=("--resolve" "${1}:80:${IP_TO_RESOLV}" "--resolve" "${1}:443:${IP_TO_RESOLV}")
+ curl --connect-timeout 40 -k --silent --resolve server.duraweb.eu:80:195.240.80.244 --resolve server.duraweb.eu:443:195.240.80.244 -I -L -X GET http://server.duraweb.eu/.well-known/acme-challenge/letsencrypt_004dc4867db669c2889d71370b67bb81
+ grep -m1 -q 'HTTP.*200'
+ '[' silent = silent ']'
+ rm -f /var/www/html/.well-known/acme-challenge/letsencrypt_004dc4867db669c2889d71370b67bb81
+ return 0
+ '[' -z '' ']'
+ RESOLVING_DOMAINS=server.duraweb.eu
+ '[' -z server.duraweb.eu ']'
+ DOMAIN=server.duraweb.eu
++ echo server.duraweb.eu
++ perl -p0 -e 's/,/ /g'
++ perl -p0 -e 's/^\*.//g'
+ for domain_name in $(echo "${DOMAIN}" | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g")
+ caa_check server.duraweb.eu
+ CAA_OK=true
++ echo server.duraweb.eu
++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'
+ for i in $(echo "$1" | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}')
+ fallbackedDig CAA duraweb.eu +short
+ lastret=1
+ for i in "${DNS_SERVERS[@]}"
+ grep -m1 -q -F -- issue
++ dig @8.8.8.8 CAA duraweb.eu +short
+ resp=
+ lastret=0
+ '[' 0 -eq 0 ']'
+ echo ''
+ return 0
+ fallbackedDig CAA duraweb.eu
+ lastret=1
+ for i in "${DNS_SERVERS[@]}"
+ grep -m1 -q -F -- SERVFAIL
++ dig @8.8.8.8 CAA duraweb.eu
+ resp='
; <<>> DiG 9.16.23-RH <<>> @8.8.8.8 CAA duraweb.eu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55659
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;duraweb.eu.                    IN      CAA

;; AUTHORITY SECTION:
duraweb.eu.             1800    IN      SOA     brenda.ns.cloudflare.com. dns.cloudflare.com. 2380491896 10000 2400 604800 1800

;; Query time: 17 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Aug 12 19:15:46 CEST 2025
;; MSG SIZE  rcvd: 103'
+ lastret=0
+ '[' 0 -eq 0 ']'
+ echo '
; <<>> DiG 9.16.23-RH <<>> @8.8.8.8 CAA duraweb.eu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55659
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;duraweb.eu.                    IN      CAA

;; AUTHORITY SECTION:
duraweb.eu.             1800    IN      SOA     brenda.ns.cloudflare.com. dns.cloudflare.com. 2380491896 10000 2400 604800 1800

;; Query time: 17 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Aug 12 19:15:46 CEST 2025
;; MSG SIZE  rcvd: 103'
+ return 0
+ for i in $(echo "$1" | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}')
+ fallbackedDig CAA server.duraweb.eu +short
+ lastret=1
+ for i in "${DNS_SERVERS[@]}"
+ grep -m1 -q -F -- issue
++ dig @8.8.8.8 CAA server.duraweb.eu +short
+ resp=
+ lastret=0
+ '[' 0 -eq 0 ']'
+ echo ''
+ return 0
+ fallbackedDig CAA server.duraweb.eu
+ lastret=1
+ for i in "${DNS_SERVERS[@]}"
+ grep -m1 -q -F -- SERVFAIL
++ dig @8.8.8.8 CAA server.duraweb.eu
+ resp='
; <<>> DiG 9.16.23-RH <<>> @8.8.8.8 CAA server.duraweb.eu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38296
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;server.duraweb.eu.             IN      CAA

;; AUTHORITY SECTION:
duraweb.eu.             1202    IN      SOA     brenda.ns.cloudflare.com. dns.cloudflare.com. 2380491896 10000 2400 604800 1800

;; Query time: 9 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Aug 12 19:15:46 CEST 2025
;; MSG SIZE  rcvd: 110'
+ lastret=0
+ '[' 0 -eq 0 ']'
+ echo '
; <<>> DiG 9.16.23-RH <<>> @8.8.8.8 CAA server.duraweb.eu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38296
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;server.duraweb.eu.             IN      CAA

;; AUTHORITY SECTION:
duraweb.eu.             1202    IN      SOA     brenda.ns.cloudflare.com. dns.cloudflare.com. 2380491896 10000 2400 604800 1800

;; Query time: 9 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Aug 12 19:15:46 CEST 2025
;; MSG SIZE  rcvd: 110'
+ return 0
+ true
+ '[' http = http ']'
+ has_webserver
+ '[' -z 0 ']'
+ return 0
+ challenge_check server.duraweb.eu
++ openssl rand -hex 16
+ TEMP_FILENAME=letsencrypt_2c46d23910426b802ce53ceabb94a13e
+ touch /var/www/html/.well-known/acme-challenge/letsencrypt_2c46d23910426b802ce53ceabb94a13e
+ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_2c46d23910426b802ce53ceabb94a13e
++ fallbackedDig AAAA server.duraweb.eu +short
++ lastret=1
++ for i in "${DNS_SERVERS[@]}"
++ grep -v '\.$'
++ tail -n1
+++ dig @8.8.8.8 AAAA server.duraweb.eu +short
++ resp=
++ lastret=0
++ '[' 0 -eq 0 ']'
++ echo ''
++ return 0
+ IP_TO_RESOLV=
+ echo ''
+ grep -m1 -q :
+ IP_TO_RESOLV=
+ '[' -z '' ']'
++ fallbackedDig server.duraweb.eu +short
++ lastret=1
++ for i in "${DNS_SERVERS[@]}"
++ tail -n1
+++ dig @8.8.8.8 server.duraweb.eu +short
++ resp=195.240.80.244
++ lastret=0
++ '[' 0 -eq 0 ']'
++ echo 195.240.80.244
++ return 0
+ IP_TO_RESOLV=195.240.80.244
+ '[' -z 195.240.80.244 ']'
+ command -v ping6
+ false
+ ping6 -q -c 1 -W 1 server.duraweb.eu
++ fallbackedDig server.duraweb.eu +short
++ lastret=1
++ for i in "${DNS_SERVERS[@]}"
++ tail -n1
+++ dig @8.8.8.8 server.duraweb.eu +short
++ resp=195.240.80.244
++ lastret=0
++ '[' 0 -eq 0 ']'
++ echo 195.240.80.244
++ return 0
+ IP_TO_RESOLV=195.240.80.244
+ CURL_OPTIONS=('--connect-timeout' '40' '-k' '--silent')
+ local CURL_OPTIONS
+ '[' -n 195.240.80.244 ']'
+ CURL_OPTIONS+=("--resolve" "${1}:80:${IP_TO_RESOLV}" "--resolve" "${1}:443:${IP_TO_RESOLV}")
+ curl --connect-timeout 40 -k --silent --resolve server.duraweb.eu:80:195.240.80.244 --resolve server.duraweb.eu:443:195.240.80.244 -I -L -X GET http://server.duraweb.eu/.well-known/acme-challenge/letsencrypt_2c46d23910426b802ce53ceabb94a13e
+ grep -m1 -q 'HTTP.*200'
+ '[' '' = silent ']'
+ '[' -e /var/www/html/.well-known/acme-challenge/letsencrypt_2c46d23910426b802ce53ceabb94a13e ']'
+ rm -f /var/www/html/.well-known/acme-challenge/letsencrypt_2c46d23910426b802ce53ceabb94a13e
++ echo server.duraweb.eu
++ cut -d, -f1
+ FIRST_DOMAIN=server.duraweb.eu
+ IFS=,
+ read -ra DOMAIN_ARRAY
+ ACME=
+ domain_conf_file=/usr/local/directadmin/data/users/root/domains/server.duraweb.eu.conf
+ domain_ssl_file=/usr/local/directadmin/data/users/root/domains/server.duraweb.eu.ssl
+ '[' -s /usr/local/directadmin/data/users/root/domains/server.duraweb.eu.conf ']'
+ '[' -s /usr/local/directadmin/data/users/root/domains/server.duraweb.eu.ssl ']'
+ '[' '' '!=' '' ']'
+ '[' '' = '' ']'
++ da config-get default_acme_provider
+ ACME=letsencrypt
+ local challenge=
+ '[' http = dns ']'
+ issue_lego_cert letsencrypt '' '' server.duraweb.eu
+ local provider=letsencrypt
+ local key_type=
+ local dnsprovider=
+ domains=('server.duraweb.eu')
+ local domains
+ local email
+++ da admin
++ sed -n 's/^email=\([^,]*\).*$/\1/p' /usr/local/directadmin/data/users/admin/user.conf
+ email=[email protected]
+ '[' -z [email protected] ']'
++ acme_provider_url letsencrypt
++ local provider=letsencrypt
++ case "${provider}" in
++ echo https://acme-v02.api.letsencrypt.org/directory
++ lego_key_type ''
++ local key_type=
++ case "${key_type}" in
++ echo ec256
+ args=('--path' '/usr/local/directadmin/data/.lego' '--dns.resolvers' '8.8.8.8' '--accept-tos' '--server' 'https://acme-v02.api.letsencrypt.org/directory' '--email' '[email protected]' '--key-type' 'ec256')
+ local args
+ '[' -z '' ']'
+ args+=(--http)
+ has_webserver
+ '[' -z 0 ']'
+ return 0
+ args+=("--http.webroot" "/var/www/html")
+ for d in "${domains[@]}"
+ args+=(--domains "$d")
+ /usr/local/bin/lego --path /usr/local/directadmin/data/.lego --dns.resolvers 8.8.8.8 --accept-tos --server https://acme-v02.api.letsencrypt.org/directory --email [email protected] --key-type ec256 --http --http.webroot /var/www/html --domains server.duraweb.eu run --no-bundle '--preferred-chain=ISRG Root X1'
2025/08/12 19:15:47 [INFO] [server.duraweb.eu] acme: Obtaining SAN certificate
 
Probably your server can not connect to acme-v02.api.letsencrypt.org. Which resolves through aliases to:

Code:
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com has address 172.65.32.248
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com has IPv6 address 2606:4700:60:0:f53d:5624:85c7:3a2c

You will need to check how acme-v02.api.letsencrypt.org resolves from your end and try curl to connect to the IPs.

Just a guess.
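The check suggested above (resolve the ACME endpoint locally, then try each address), written as an added example that is not part of the thread or of DirectAdmin. The function names are hypothetical, and it only tests a TCP connect on port 443 per address family, not TLS or HTTP.

```python
import socket
import sys

FAMILIES = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))


def resolve_by_family(host, port=443):
    """Return {'IPv4': [...], 'IPv6': [...]} as seen by this machine's resolver."""
    found = {}
    for label, family in FAMILIES:
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except OSError:                     # gaierror: no record, or family unusable here
            infos = []
        found[label] = sorted({info[4][0] for info in infos})
    return found


def probe(addr, port=443, timeout=5.0):
    """TCP-connect to one literal address; return (reachable, detail)."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((addr, port))
        return True, "connected"
    except OSError as exc:                  # timeout, refused, unreachable, no IPv6 stack
        return False, f"{type(exc).__name__}: {exc}"


def check_endpoint(host, port=443, timeout=5.0):
    """Probe every resolved address; rows are (family, address, reachable, detail)."""
    rows = []
    for label, addrs in resolve_by_family(host, port).items():
        if not addrs:
            rows.append((label, None, False, "no address returned"))
        for addr in addrs:
            rows.append((label, addr) + probe(addr, port, timeout))
    return rows


def broken_families(rows):
    """Families that resolve to at least one address but connect to none of them."""
    resolved = {fam for fam, addr, _, _ in rows if addr}
    working = {fam for fam, addr, ok, _ in rows if addr and ok}
    return sorted(resolved - working)


if __name__ == "__main__":
    # Host name taken from the thread; pass another name as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "acme-v02.api.letsencrypt.org"
    result = check_endpoint(target)
    for row in result:
        print(*row)
    print("resolves but unreachable:", broken_families(result) or "none")
```

A family listed as "resolves but unreachable" is the one to look at first in the firewall and routing configuration.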

Well, I installed everything from scratch again, and this time without ip6 enabled.

I guess you had reasons for it, and it was not done to investigate the issue with certificates)
Anyway I don't see anything wrong in the output you provided.

I got it coming with the following lines on my end:

Bash:
+ /usr/local/bin/lego --path /usr/local/directadmin/data/.lego --dns.resolvers 2001:4860:4860::8888 --accept-tos --server https://acme-v02.api.letsencrypt.org/directory --email [email protected] --key-type ec256 --http --http.webroot /var/www/html --domains server.domain.com run --no-bundle '--preferred-chain=ISRG Root X1'
2025/08/13 08:27:36 No key found for account [email protected]. Generating a P256 key.
2025/08/13 08:27:36 Saved key to /usr/local/directadmin/data/.lego/accounts/acme-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
2025/08/13 08:27:36 [INFO] acme: Registering account for [email protected]
!!!! HEADS UP !!!!

Your account credentials have been saved in your
configuration directory at "/usr/local/directadmin/data/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from the ACME server so making regular
backups of this folder is ideal.

So the next step for you would be to debug /usr/local/bin/lego.

The mentioned /usr/local/bin/lego command returns:

Bash:
2025/08/13 08:29:52 [INFO] [server.domain.com] acme: Obtaining SAN certificate
2025/08/13 08:29:53 [INFO] [server.domain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2592297456/568229644346
2025/08/13 08:29:53 [INFO] [server.domain.com] acme: authorization already valid; skipping challenge
2025/08/13 08:29:53 [INFO] [server.domain.com] acme: Validations succeeded; requesting certificates
2025/08/13 08:29:54 [INFO] [server.domain.com] Server responded with a certificate for the preferred certificate chains "ISRG Root X1".

on my end. Something is definitely wrong. The /usr/local/bin/lego is a binary file, but you can use strace to see what the command is doing at the moment.
 
Sounds to me like Cloudflare is causing this chap a lot of trouble with the setup. I personally have no experience of using Cloudflare although I do understand why people use their DNS for things like DDoS attacks etc.

Out of curiosity, has OP tried installing DA on his server using the DA DNS and comparing to see if he gets any of the same issues (if he's able to set glue records at his domain registrar)? Just thinking if he can get server set up first with all server certs issued etc, then change his nameservers at registrar to Cloudflare, see if that works? I mean he's had all this trouble, poor chap, and this might only take another hour or so to test out. Just a thought.
 