letsencrypt domain aliases are not included in the cert

Posted: Thu Jan 28, 2021 3:59 pm
by cottager
They used to be. A cert renewed in the last 24 hours that has two domain aliases. Neither of those are now included in the cert. Is this a bug in a vestacp update? Is anyone else experiencing this?

The vestacp docs mention a command "v-check-letsencrypt-domain", but it's not on my server. And I don't see logs anywhere for letsencrypt. I'm coming up short diagnosing what's gone wrong.

I'm not sure if this is an unrelated issue or not, but checking with v-list-letsencrypt-user, the KID URL shows the following. I'm seeing it on pretty much every user.
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Method not allowed",
"status": 405
}


Looking in /var/log/vesta/system.log, I see

2021-01-26 03:21:26 v-add-letsencrypt-domain 'USER' 'MAIN.DOMAIN.COM' 'ALIAS.DOMAIN.COM'
2021-01-27 03:21:11 v-add-letsencrypt-domain 'USER' 'MAIN.DOMAIN.COM'

Note the times. The second line comes *after* the first one in the log, despite the time being before. That's weird on its own. But why the second line is there in the first place is weird. It got a new cert with only the main domain?

What the heck is going on in the vestacp cert updating?