letsencrypt initialisation uses incorrect e-mail address
Summary
When letsencrypt is initialised, if a second website has already been created, that site's domain is used to register with letsencrypt rather than the system's hostname domain.
Steps to reproduce
- Automatically install sympl on Debian 11.
- 'sympl web create banana.DOMAIN'
- Follow wiki instructions to rename system from localhost.localdomain to apple.DOMAIN
- 'echo "letsencrypt" > /srv/apple.DOMAIN/config/ssl-provider'
- 'sudo sympl-ssl --verbose --force $newhost'
What is the current bug behavior?
When letsencrypt is run for the first time, if a website other than the default one has already been created, the wrong domain is used to register with letsencrypt
What is the expected correct behavior?
The system hostname domain should be used
Relevant logs and/or screenshots
* Examining certificates for apple.DOMAIN
SSL set 0: The certificate subject is not valid for this domain apple.DOMAIN.
SSL set 0: The certificate subject is not valid for this domain apple.DOMAIN.
No valid certificate sets found.
Fetching a new certificate from LetsEncrypt.
Created new account with email address: root@banana.DOMAIN
Requesting verification for apple.DOMAIN from https://acme-v02.api.letsencrypt.org/directory
Successfully verified apple.DOMAIN
Requesting verification for www.apple.DOMAIN from https://acme-v02.api.letsencrypt.org/directory
!! Unable to verify www.apple.DOMAIN (status: invalid)
!! Check http://www.apple.DOMAIN/.well-known/acme-challenge/V45LrunGXuYPgAU8fnsLSvQDZReL0DemhcFc0Nf0APY works.
Successfully fetched new certificate and created set 1
Rolled over to SSL set 1
You can see that while the correct certificate is requested (apple.DOMAIN), the wrong e-mail address (root@banana.DOMAIN) is used to register with letsencrypt.
Possible fixes
Sorry, no idea.
/cc @kelduum
Edited by Paul Cammish