I am not entirely sure what you are expecting, but I suspect the error is not due to specifying the host as a variable, but rather due to having a host name in the file which does not return a certificate or is not listening on port 443.
I set up a domains.lst with two host names - one with a certificate and one without, and received this result (domain names chanaged to protect the innocent):
Code:
nocertificate.com
unable to load certificate
3073422984:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE
goodcertificate.com
notBefore=Jan 30 21:47:43 2015 GMT
notAfter=Jan 31 21:47:43 2025 GMT
Is this the error that you are seeing? If not, please post the exact error message you are seeing.
This error results because you do not test whether the
openssl s_client... command actually returns a certificate, but blindly pipe it through to
openssl x509..., which generates the error if no certificate is received.