Closed Bronislawsky closed 2 years ago
After reading the script carefully, I beleive to have domain.net and www.domain.net SITE_DOMAIN must be "domain.net" instead of www.domain.net I will update my ss-config SITE_TLD="domain.net" and SITE_DOMAIN="domain.net"
@Bronislawsky Thanks again for some of your early participation and bug reports, and sorry for my late replies.
I'm not sure I understand exactly what caused your TLD to have no Let's Encrypt SSL here, however, over the past year or so the ss-encrypt-certbot
script (and others) have been improved, now they use:
SITE_DOMAIN_EXCLUDING_WWW
SITE_DOMAIN_INCLUDING_WWW
So now the logic is much better, because the cert generation (and installation) doesn't assume anything, and every single server is treated the same in that both www and non-www versions of the certs are generated no matter what (unless the SITE_DOMAIN
value in ss-config is determined to be a subdomain, in which case www version will be ignored).
Many other bugs and poor logic have also been fixed.
Ref: https://github.com/littlebizzy/slickstack/blob/master/bash/ss-encrypt-certbot.txt
Also we deprecated SSL_EMAIL
and SSL_EMAIL_ALERTS
to keep Certbot management simpler. Going forward, SlickStack will not support including an email address in the cert generation. Thanks!
Here is my settings
SSL_TYPE="certbot" SSL_EMAIL="user@domain.net" SSL_EMAIL_ALERTS="false" WP_MULTISITE="false" SITE_TLD="domain.net" SITE_DOMAIN="www.domain.net"
in ss-encrypt this if block gets called
subdomain (www is irrelevant) + no email alerts (or missing)
elif [[ "$SSL_EMAIL_ALERTS" != "true" ]] && [[ $SITE_DOMAIN == ..* ]]; then o certbot delete --cert-name ${SITE_TLD} o certbot delete --cert-name ${SITE_DOMAIN} o certbot certonly --noninteractive --agree-tos --cert-name ${SITE_DOMAIN} -d ${SITE_DOMAIN} --register-unsafely-without-email --webroot -w /var/www/html/
I don't know if its de default behavior but domain.net doesn't end up with a valid SSL the SITE_TLD ends up with no cert
when calling www.domain.net it works but domain.net has cert for www.domain.net which fire a security warning