/usr/local/directadmin/scripts/custom/letsencrypt.sh

D

Driesp

Verified User
Joined
Mar 12, 2007
Messages
216
Location
Belgium
Hello all

It seems like the letsencrypt.sh script is now bundled in the DirectAdmin binary. Or something else is happening.
I can remove the letsencrypt.sh file in /usr/local/directadmin/scripts or /usr/local/directadmin/scripts/custom and DirectAdmin still processes certificates fine.

I changed the letsencrypt.sh script a long time ago, but I noticed my changes are not honored anymore.
I now tried using the pre hook, but that did not work either. Or maybe I am doing something wrong.
I used the file /usr/local/directadmin/scripts/custom/letsencrypt_pre.sh with the following contents to change the keysize, but that did not work either.
Code: 
#!/bin/sh

keysize="ec256"

I used this feature:

Version 1.50.1 | Directadmin Docs

DirectAdmin Knowledge Base
www.directadmin.com

I want to override to ec256 always regardless the selected keysize.
I hope to find an alternative way to override the keysize.

Thank you in advance
Kind regards
Dries
 
Hello Dries,

The feature does not work that way. You cannot change the value of environmental variables in the Hook script. The Environmental variables can be used in read-only mode.

A custom version of the script should be placed in /usr/local/directadmin/scripts/custom/letsencrypt.sh

Related: https://docs.directadmin.com/changelog/version-1.51.0.html#custombuild-to-manage-letsencrypt-sh

Driesp said:
I used the file /usr/local/directadmin/scripts/custom/letsencrypt_pre.sh with the following contents to change the keysize, but that did not work either.
Click to expand...
 
Hello Alex
Thank you for your quick reply.

I have been patching a copy of letsencrypt.sh into /usr/local/directadmin/scripts/custom/letsencrypt.sh, but it seems like DA does not call this script anymore when creating or renewing certificates.

Kr
Dries
 
@Driesp, yes we are migrating the letsencrypt.sh script logic into the main DirectAdmin service.

Could you please share with us some more details or use cases for why you want to prevent other certificate key sizes from being used? We would prefer to allow server administrators to configure the DA behaviour with the configuration options instead of script customisations.
 
Driesp said:
but it seems like DA does not call this script anymore when creating or renewing certificates.
Click to expand...

confirmed. The script /usr/local/directadmin/scripts/custom/letsencrypt.sh is no longer used:

Bash: 
# cat /usr/local/directadmin/scripts/custom/letsencrypt.sh
#!/bin/bash
echo Testing...
exit 1;
 
Hello. We change the TTL values for DNS records when issuing wildcart certificates. Therefore, we also use our own letsencrypt.sh script. If this script no longer works, we would like to see this setting in the control panel itself.
 
fln said:
@Driesp, yes we are migrating the letsencrypt.sh script logic into the main DirectAdmin service.

Could you please share with us some more details or use cases for why you want to prevent other certificate key sizes from being used? We would prefer to allow server administrators to configure the DA behaviour with the configuration options instead of script customisations.
Click to expand...

Hi fln

Thank you for the prompt reply.

I would like to use the ec256 keysize for all certificates, I am convinced any other keysize has no positive benefit for our clients.
Keys are also cycled every certificate renewal, I don't think a bigger size is beneficiary (in 2026).

Kind regards
Dries
 
You must log in or register to reply here.
Back
Top