Wildcard LetsEncrypt was removed during renewal.

Version 1.54

Bugfix
Finished

During the renewal of a wildcard certificate, DA checks to ensure all subdomains and other values in the subjectAltName part of the san_config still exist. If not (say a subdomain was removed) DA would remove that single entry, and continue normally. If the * wildcard value was not in the zone, the renewal would have failed (likely for most cases), so the fix was to allow * even if it's not in the zone, as LE doesn't lookup a random A record for verification, it uses a specific record. Any wildcard cert that has renewed already likely is affected. You can check all of your domains to confirm which no longer have wildcards (assuming you set them all to be wild, so ensure you factor that in from the list) grep subjectAltName /usr/local/directadmin/data/users/*/domains/*.san_config | grep -v '*' will show all san_config files which do NOT have the current wildcards setup. (DA won't be able to know which did or did not) If you need to manually set all domains to be wild again, for each san_config: /usr/local/directadmin/data/users/*/domains/*.san_config change the previous line: subjectAltName=DNS:domain.com, DNS:www.domain.com to be wild again: subjectAltName=DNS:*.domain.com, domain.com and the next renewal should take it from there. To automate the forced renewal of all certificates (may cause you do hit the daily limit, so do this with caution), set the unix timestamp from more than 60 days ago. For example if today is September 9th, 61 days ago is July 10th, so in unix timestamp it's 1531273805 Thus put: echo 1531273805 > /usr/local/directadmin/data/users/USER/domains/DOMAIN.COM.cert.creation_time and you can force a renewal check right now and it will update any domain who's creation_time is more than 60 days, by typing: cd /usr/local/directadmin echo "action=rewrite&value=letsencrypt" >> data/task.queue; ./dataskq d2000

Interested to try DirectAdmin? Get a 30-day Free Trial!