Hello, just thought I would mention that after i ran the update script to update to the latest patch, 3.0.5.4p3 When it asked to "Create new ISPConfig SSL certificate (yes,no) [no]:" I said no, but it replaced the certs anyways?? Not a big deal for me, but it might for some people... Have a good one...
Thats strange, I installed the update on quite a lot of servers already and no ssl cert replaceents happnened. I will check that in the code if there is something wrong.
Maybe because i did it manually, meaning i edited .... /etc/apache2/sites-enabled/000-ispconfig.vhost The original file was like.... # SSL Configuration SSLEngine On SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle I then commented out SSLCertificateFile & SSLCertificateKeyFile line and added the below.. SSLCertificateFile /etc/ssl/certs/Domain_ca.crt SSLCertificateKeyFile /etc/ssl/certs/star_domain_ca.key so it looked like... # SSL Configuration SSLEngine On SSLCertificateFile /etc/ssl/certs/Dido_ca.crt SSLCertificateKeyFile /etc/ssl/certs/star_dido_ca.key # SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt # SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle After the update it looked like this.... # SSL Configuration SSLEngine On SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle If that helps...
Yes, that explains the problem. If you install custom ssl certs, then they have to use these paths: /usr/local/ispconfig/interface/ssl/ispserver.crt /usr/local/ispconfig/interface/ssl/ispserver.key /usr/local/ispconfig/interface/ssl/ispserver.bundle other paths are not supported and will get replaced. To fix your problem, run: cp -pf /etc/ssl/certs/Dido_ca.crt /usr/local/ispconfig/interface/ssl/ispserver.crt cp -pf /etc/ssl/certs/star_dido_ca.key /usr/local/ispconfig/interface/ssl/ispserver.crt then restaore the original ispconfig vhost file like it was created by the ispconfig installer and restart apache.
