Hello, I have some websites with alias-Domains. When I create the Website or when I disable cert ->save->enable cert. All will work as expected. But when the cert is renewed with the nighly script, the certificate contains only the alias-Names, not the main name. When I recreate the cert with ISPConfig or with the shell command, it works correct. SSH: /root/.acme.sh/acme.sh -r -f -d xxx-yyy.de Can someone help me? Regards Thomas
Can you check the log in /var/log/ispconfig/acme.log? Is there anything in there that might explain it?
All domains are listed in log-File. No Errors in the script. Only two messages appears: '/usr/local/ispconfig/interface/acme' does not contain 'dns' '/usr/local/ispconfig/interface/acme' does not contain 'no'
This you should never do. For LE failure for main domain, if this is true, do troubleshoot using LE FAQ.
Why not? This is the acme-script to renew a certificate. ISPConfig use the same script. In the LE FAQ there is no hint for this problem. It happens for all websites with domain alias, resulting in a multi-domain certificate. Using the shell command, the certificate contains all names, so I think the problem is not in the acme script
I have not seen this on any system yet, and we have no such other report, so it must be something very special that happens on your system only. What @ahrasis meant is that manually using acme.sh command can lead to all kind of errors when not run with the exact same options that ISPConfig is using.
I have the solution to my problem: For whatever reason, a configuration was stored in the /root/.acme.sh/ folder for the main domain and for the domain aliases. If the certificate was renewed, first the main domain and then the alias domains were renewed, overwriting the certificate of the main domain. The problem was solved by deleting the configuration for the alias domains. However, I cannot say why this configuration was created.