LetsEncrypt hostname: check for cacert path in case it's not the default

Version 1.56


The LetsEncrypt feature can set up a certificate for your hostname. As long as everything is in the default place, eg: directadmin.conf

    cacert=/usr/local/directadmin/conf/cacert.pem

things should work normally: letsencrypt.sh itself will auto-renew the hostname cert when needed and copy it to all the different service cert locations, for all cert, key and ca root certs:

    /etc/exim.conf
    /etc/httpd/conf/ssl.crt/server.crt
    /usr/local/directadmin/conf/cacert.pem
    etc..

However, if you've changed the cacert value in the directadmin.conf so that DA uses the apache cert, or some other path, eg:

    cacert=/etc/httpd/conf/ssl.crt/server.crt

the letsencrypt.sh script assumes you're doing something custom and will not copy things around, so it doesn't work as usual and the certs will not auto-renew everywhere.

This is *usually* not the desired behavior, but it might be. DA won't ignore the setting and change it back to the default (because what's then the point of a setting). Instead, DA will do its best to let you know that this isn't normal, and will add entries to the system.log, errortaskq.log and debug output with:

    LetsEncrypt: Ssl::get_cert_creation_time: **** Hostname certificate %s is not in the usual %s path. This can affect the letsencrypt.sh's ability to auto-renew. Please change your cacert,cakey,carootcert setting in the directadmin.conf

where %s #1 is the cacert= value from the directadmin.conf and %s #2 is the default value DA would like to see for things to work correctly.

Note: although DA only checks the cacert value, if you do change things back, ensure you do it for all 3 settings, eg:

    cacert=/usr/local/directadmin/conf/cacert.pem
    cakey=/usr/local/directadmin/conf/cakey.pem
    carootcert=/usr/local/directadmin/conf/carootcert.pem (assuming you use this)
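To run the same comparison by hand across all three settings rather than only cacert, the following is an added example and not DirectAdmin's own code. The default directadmin.conf location, treating an absent key as "not set" rather than a mismatch, and taking the last occurrence of a duplicated key are assumptions.

```shell
#!/bin/sh
# Added example, not DirectAdmin code: compare the cacert, cakey and
# carootcert values in a directadmin.conf with the default paths quoted
# on this page, so a non-default hostname cert path is noticed before
# auto-renewal silently stops covering every service.

# Print the value of key $1 from key=value file $2 (empty if absent).
# Assumption: if a key appears more than once, the last line wins.
conf_value() {
    sed -n "s/^$1=//p" "$2" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Default path for each setting, as listed on this page.
default_for() {
    case "$1" in
        cacert)     echo /usr/local/directadmin/conf/cacert.pem ;;
        cakey)      echo /usr/local/directadmin/conf/cakey.pem ;;
        carootcert) echo /usr/local/directadmin/conf/carootcert.pem ;;
    esac
}

# Usage: check_da_cert_paths [path-to-directadmin.conf]
# Prints one status line per setting.
# Returns 0 if no set value differs, 1 on any mismatch, 2 if unreadable.
check_da_cert_paths() {
    # Assumption: the usual location of directadmin.conf.
    conf=${1:-/usr/local/directadmin/conf/directadmin.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    rc=0
    for key in cacert cakey carootcert; do
        want=$(default_for "$key")
        have=$(conf_value "$key" "$conf")
        if [ -z "$have" ]; then
            # Assumption: an absent key is reported, not flagged.
            echo "$key: not set"
        elif [ "$have" = "$want" ]; then
            echo "$key: ok"
        else
            echo "$key: MISMATCH have=$have want=$want"
            rc=1
        fi
    done
    return $rc
}
```

Source the file and call `check_da_cert_paths`; a return code of 1 means at least one of the three settings points somewhere other than the default.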
