SSL on hostname

[hmaddy]

Error on installing SSL on hostname

/usr/local/directadmin/scripts/letsencrypt.sh server_cert `hostname -f`,server.mysrv.com
2024/05/08 09:42:22 [INFO] acme: Registering account for [email protected]
2024/05/08 09:42:22 Could not complete registration
acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietfarams:acme:error:invalidContact :: Error creating new account :: contact email "[email protected]" has invalid domain : Domain name does not end with a valid public suffix (TLD)
Failed to issue new certificate

 

[zEitEr]

Hello,

First you will need to setup a FQDN (fully qualified domain name) of the system, i.e. the name that the resolver returns for the hostname, for example server.example.com. And then only you can create a certificate. If it is done skip the step.

Then follow instructions from the post:

- https://forum.directadmin.com/threads/ssl-on-web-control-panel.67876/#post-374975

 

[Richard G]

/usr/local/directadmin/scripts/letsencrypt.sh server_cert `hostname -f`,server.mysrv.com

Ths is an incorrect command. The new command is server_cert but nothing required further anymore so use like this:
/usr/local/directadmin/scripts/letsencrypt.sh server_cert

Nothing more.
The old commands (still working) were either like this:
/usr/local/directadmin/scripts/letsencrypt.sh request_single $(hostname -f) 4096
or with hostname, but then like this:
/usr/local/directadmin/scripts/letsencrypt.sh request_single server.mysrv.com 4096

Best is to use the new method from now on, that's easier, so only:
/usr/local/directadmin/scripts/letsencrypt.sh server_cert
do not add anything to it, DA will use the correct configured hostname automatically.

And indeed like said above, first configure a FQDN hostname and set correct rDNS.

 

[zEitEr]

Ths is an incorrect command. The new command is server_cert but nothing required further anymore so use like this:

You can still use it the way:

/usr/local/directadmin/scripts/letsencrypt.sh server_cert [<domain>] [<key-type>]

see:

[root ~]# /usr/local/directadmin/scripts/letsencrypt.sh
Usage:
    /usr/local/directadmin/scripts/letsencrypt.sh request|renew <domain> <key-type> [<csr-config-file>]
    /usr/local/directadmin/scripts/letsencrypt.sh server_cert [<domain>] [<key-type>]
    /usr/local/directadmin/scripts/letsencrypt.sh revoke

Got 0 args:
    /usr/local/directadmin/scripts/letsencrypt.sh

Multiple comma separated domains, owned by the same user, can be used for a certificate request

Environment variables:
    dnsprovider - passed to lego as DNS provider parameter
[root ~]#

The issue here is that the contact email "[email protected]" stored in

- /usr/local/directadmin/data/users/admin/ticket.conf
- /usr/local/directadmin/data/users/admin/user.conf

is based on old not-valid hostname. So the user @hmaddy will need to update the contact email of the user "admin".

 

[Richard G]

You can still use it the way:

Yes correct, thank you.

But not like this which he was using:
/usr/local/directadmin/scripts/letsencrypt.sh server_cert `hostname -f`,server.mysrv.com

Then it's requestion the same in 1 line twice, right? Provided the 'hostname -f' tag would work here too.

Cause is indeed admin e-mail, you are correct ofcourse!