Open kalakrumanov opened 5 years ago
Check the content of /usr/local/vesta/data/queue/letsencrypt.pipe and look for ZZZZZ and delete that line if it exists.
Write more about the steps to reproduce this problem.
ZZZZ was an alias
What alias, for example?
I'm not sure whether this is the same issue or not, so feel free to move it to a different ticket, but I had a similar, but slightly different error in v-update-letsencrypt-ssl. The error was in fact Error: domain alias mydomain.com doesn't exist .. which was emailed to me when the cron job failed.
This was happening on a domain with a particularly long list of aliases: maybe 10 in total.
I ran the update script again with 'bash -x v-update-letsencrypt-ssl'. And it seems that the script is pulling the list of aliases from the SSL cert incorrectly. At one point, it tries to run
/usr/local/vesta/bin/v-add-letsencrypt-domain useraccount mydomain.com mydomain2.com,mydomain3.com,,mydomain4.com,,mydomain.com,,mydomain5.com
So as you can see, it's adding mydomain.com in as BOTH the domain and the alias. Removing the incorrect alias, and running the command manually allowed it to succeed.
So ... how did we get there ... the clue is in the double commas ,, in the alias list. At one point in v-update-letsencrypt-ssl, commas are replaced with \n and then the domain is removed from the list of aliases with 'grep -v ^mydomain.com$'. However some commas remain in the list from the previous stage, and this grep statement doesn't match with "mydomain.com," so it's not removed (as there's a comma between the domain name and the end of the line). So that looks like where the problem lies. I'm guessing this is as a result of having a long list of DNS: entries extracted from the cert.
I've just run a few tests and this seems to work. Line 44 of v-update-letsencrypt-ssl
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
change to
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
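The double-comma behaviour described in the comment above, reproduced as an added example (not the VestaCP script and not code posted in the thread). The pipeline stages, the helper names `extract_aliases` and `alias_list_ok`, and the SAN line are assumptions constructed from that description.

```bash
#!/usr/bin/env bash
# Simplified model of the alias extraction; assumes the certificate's SAN
# entries are separated by ", " and that the list is split on spaces.

# extract_aliases DOMAIN SAN_LINE MODE
#   MODE=first -> sed "s/,//"   (original line 44: only the first comma goes)
#   MODE=all   -> sed "s/,//g"  (proposed change: every comma goes)
extract_aliases() {
    domain=$1 san=$2 mode=$3
    if [ "$mode" = "all" ]; then comma='s/,//g'; else comma='s/,//'; fi

    printf '%s\n' "$san" |
        sed -e 's/DNS://g' -e "$comma" |  # strip DNS: prefixes, then comma(s)
        tr ' ' '\n' | sed '/^$/d' |       # one name per line, drop blanks
        grep -vxF -- "$domain" |          # drop primary domain (whole-line, literal)
        paste -sd, -                      # re-join as a comma-separated list
}

# alias_list_ok DOMAIN LIST
# Pre-flight check: fail if the list has an empty entry (",,") or still
# contains the primary domain as one of its own aliases.
alias_list_ok() {
    if [ -z "$2" ]; then return 0; fi     # no aliases at all is fine
    case ",$2," in
        *,,*|*",$1,"*) return 1 ;;
    esac
    return 0
}

# Constructed SAN line (sample data, not taken from a real certificate).
SAN_SAMPLE='    DNS:mydomain2.com, DNS:mydomain3.com, DNS:mydomain4.com, DNS:mydomain.com, DNS:mydomain5.com'

for mode in first all; do
    list=$(extract_aliases mydomain.com "$SAN_SAMPLE" "$mode")
    if alias_list_ok mydomain.com "$list"; then verdict=ok; else verdict=REJECTED; fi
    printf '%-5s %-8s %s\n' "$mode" "$verdict" "$list"
done
```

With `first`, the stray commas stay attached to the names, so the whole-line match never sees `mydomain.com` on its own and the primary domain survives as an alias.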
We had this issue too. Confirmed that plutocrat's fix works.
We also have this issue and I can also confirm that @plutocrat change fixes it.
@plutocrat fix works for most domain names, but fails with IDN domains.
I had this error because of a wildcard... this corrected...
I had a similar error "Error: domain alias subdomain.example doesn't exist", but this had a different cause of the problem.
In my case I had once created domain example.com, with alias subdomain.example.com and Lets Encrypt SSL support. After that I removed this alias subdomain.example.com from domain example.com in VestaCP and created a new separate domain in VestaCP for subdomain.example.com with Lets Encrypt SSL support.
When updating the letsencrypt certificates with v-update-letsencrypt-ssl, this script looks for possible information in the current letsencrypt certificates and runs v-add-letsencrypt-domain $user example.com subdomain.example.com for every current certificate, but in this case one old alias domain was moved to a separate domain, so v-add-letsencrypt-domain could not find the old alias in the aliases of that particular domain anymore and returns the error "Error: domain alias subdomain.example doesn't exist".
It would be more useful if v-update-letsencrypt-ssl would add "for domain example.com" to the error message.
In this case I resolved the problem by disabling and enabling the Lets Encrypt SSL support option for the domain example.com manually in the control panel. This resets the actual alias information for the Lets Encrypt SSL support.
It would be even better if VestaCP would update and refresh the letsencrypt certificates automatically when domain aliases change.
I've just run a few tests and this seems to work. Line 44 of v-update-letsencrypt-ssl
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
change to
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
@plutocrat fix worked.
The solution here works, can you please release it as a quick fix or something? As a lot of domains will expire due to this error/change.
I've had this issue, the real problem is that ...vesta/data/queue/letsencrypt.pipe is keeping lines when the v-add-letsencrypt-domain task fails due to any error, like an unverifiable alias, so it will keep failing every 5 minutes until you manually remove it. This problem also restarts nginx every 5 minutes and sends failure emails about it, but it is not easily traceable to a letsencrypt failure unless you check vesta's error log.
This is happening often, as some designer creates a subdomain xxx.yyy.zzz and it automatically has an alias to www.xxx.yyy.zzz that won't be verifiable by acme. Those failed commands are kept in letsencrypt.pipe and keep failing. So any typo or inaccessible alias can produce this problem.
@plutocrat fix works for most domain names, but fails with IDN domains.
@imyller check https://github.com/serghey-rodin/vesta/pull/1960
Operating System (OS/VERSION):
Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-43-generic x86_64)
VestaCP Version:
0.9.8
Other Notes:
When I try update certificates I get the following error:
XXXXX Error: domain ZZZZZ doesn't exist
Where XXXX is the actual domain and the ZZZZ was an alias I made long ago for emergency on all domains. Now it is not active.
How do I get Vesta to update itself and notice that ZZZZ is of course no longer there, so I can update certificates normally.
Thanks in advance,
Kalak