At first I work with normal apache and user letsencrypt standalone to generate free SSL my renew config look like Code: # renew_before_expiry = 30 days version = 0.10.2 archive_dir = /etc/letsencrypt/archive/example.domain.com cert = /etc/letsencrypt/live/example.domain.com/cert.pem privkey = /etc/letsencrypt/live/example.domain.com/privkey.pem chain = /etc/letsencrypt/live/example.domain.com/chain.pem fullchain = /etc/letsencrypt/live/example.domain.como/fullchain.pem # Options used in the renewal process [renewalparams] authenticator = standalone installer = None account = some-random-id pre_hook = systemctl stop apache2 post_hook = systemctl start apache2 I install ISPConfig on my server for hosting some of my client CMS. Then sometime my apache has been shutdown. I try to debug it. I found out it happen when some domain need renew SSL. I check on renew config again Code: # renew_before_expiry = 30 days version = 0.10.2 archive_dir = /etc/letsencrypt/archive/example.domain.com cert = /etc/letsencrypt/live/example.domain.com/cert.pem privkey = /etc/letsencrypt/live/example.domain.com/privkey.pem chain = /etc/letsencrypt/live/example.domain.com/chain.pem fullchain = /etc/letsencrypt/live/example.domain.como/fullchain.pem # Options used in the renewal process [renewalparams] authenticator = standalone installer = None account = some-random-id pre_hook = systemctl stop apache2 post_hook = echo '1' > /usr/local/ispconfig/server/le.restart If you look at the post_hook it has been changed by ispconfig. Cause the apache to stop and never start. How to fix this problem?
The problem is not the post_hook, which does an apache restart, it's your custom pre_hook which needs to be removed as it stops apache.
@till Is it going to work? because it renew my SSL which not serve by ISP config but instead it restart the ISP config.
Le in ISPConfig is working fine, its just your manual use of certbot which causes issues on your system and it's not ispconfig, that stops apache, the issue is certbot. You have to remove the pre_hook in the manual created le config files to fix your issue and don't use certbot anymore manually, use the builtin functions from ISPConfig.
To say certbot/letsencrypt is shutting down apache is technically correct, although what actually happened was certbot failed to restart apache. Its semantics I know, but one suggests that certbot did something bad and should be removed, which it didn't and shouldn't, the other suggests certbot was unable to perform the task at hand meaning there is a problem to solve, which is the case.
