an oddity with LE - actually two of them...

I added a website to one of my servers, with the auto-www subdomain.
LE issed the cert but ONLY to the main domain - not www!
the acme.log had:
23] Reload success
[Tue Sep 26 14:17:03 EDT 2023] LE_WORKING_DIR='/root/.acme.sh'
[Tue Sep 26 14:17:03 EDT 2023] Running cmd: issue
[Tue Sep 26 14:17:03 EDT 2023] _main_domain='nechtanmarketing.com'
[Tue Sep 26 14:17:03 EDT 2023] _alt_domains='no'
[Tue Sep 26 14:17:03 EDT 2023] Using config home:/root/.acme.sh

so why is alt_domains='no'? I had www saved!
Also I got a notification from LE about another site needing renewal.
I unchecked LE/SSL on that site, waited, and then checked them again and waited.
checked the SSL - was it not supposed to issue a new cert in this process? it gave the same dates as before (august in fact).
oddities!

 

weirder. I just unchecked the ssl boxes, saved, waited, checked the same boxes again saved waited - and now the cert has both.
nothing else changed!
seems the process is a bit temperamental!

 

just noticed something else - my server rebooted and I got a slew of named messages:
ep 27 12:00:27 ns10 named[2209]: /var/named/pri.nardiashouse.com.signed:10: signature has expired
Sep 27 12:00:27 ns10 named[2209]: /var/named/pri.contractorsadvisor.net.signed:10: signature has expired
Sep 27 12:00:27 ns10 named[2209]: /var/named/pri.moleculepharm.com.signed:10: signature has expired
Sep 27 12:00:27 ns10 named[2209]: /var/named/pri.pinnaclehealthcaredmv.com.signed:10: signature has expired
Sep 27 12:00:27 ns10 named[2209]: /var/named/pri.waterservices-md.com.signed:10: signature has expired

hmm. anything to be concerned about? geez my week keeps getting stranger!
thanks till.

 

its an old well established one! and I intend to migrate it to ns11 the newer one! LOL
and btw I was just setting up migtool and I'm getting:

[ERROR] API call to login failed. See log file for details.
Could not connect to api. Please check if the data you provided is correct.

I seem to remember this was something to with with SSL connection from years ago and I had to give migration a parameter?

 

ispconfig should be newest.
* * * * * /usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
* * * * * /usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
30 23 * * * /usr/local/ispconfig/server/scripts/handle_mailbox_soft_deleted.sh &> /dev/null
seems to be. and one other migration question - on ns10 we are using letsencrypt/certbot. ns11 is acme. problem??

 

I run lots of services on both. and LOL I just remembered I set up google authenticator for ssh access. I suspect migration wont like that.
host lots of websites email etc...

 

... and google authenticator LOL? guess I have to try and disable that at least temporarily...
losing all the certs just means I have to go website by website and recheck the boxes? or things detonate?
how about the certs linked to ftp etc. those stay unaffected?

 

I dont guess there is any way to convert from certbot to acme before we do the migration? (hoping)

 

I have a couple up. mainly to test everything is working!

 

ack ack just noticed my isppscan is failing;
Fatal error: SourceGuardian Incompatible loader version. This protected script was encoded with a newer version of SourceGuardian. Please download and install the <A HREF="https://www.sourceguardian.com/loaders">latest loaders</A>. Error code [19] in /usr/local/ispprotect/ispp_scan.php on line 2