I'm trying to renew the SSL Certificate for a domain. I used the following to update the SSL Certificate for ISPConfig:

    cd /usr/local/ispconfig/interface/ssl/
    mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
    mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
    mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
    ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
    ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key
    cat ispserver.{key,crt} > ispserver.pem
    chmod 600 ispserver.pem

This worked for ISPConfig but I'm stuck on how to renew the SSL certificate for my domain. I selected 'Sites' in ISPConfig and selected the domain and made sure the Let's Encrypt checkbox was checked and then clicked save. I stopped apache2 and re-started it but I'm still getting an error when trying to access the https://mydomain through a browser.

When I access the ISPConfig SSL tab for the domain it shows values in SSL Key, SSL Request and SSL Certificate. When I check the /var/www/clients/client0/web?/SSL directory it still shows the symlinks mydomain-le.bundle, mydomain-le.crt, and mydomain-le.key, but when I check /etc/letsencrypt/live/mydomain it still contains symlinks pointing to ../../archive/mydomain which contains cert1.pem, chain1.pem, fullchain1.pem and privkey1.pem all dated from when I created mydomain. I noticed that /var/www/clients/client0/web?/SSL directory as well as containing the symlinks it also contains mydomain.crt, mydomain.csr, mydomain.key and mydomain.key.org.

Would it solve the problem if I ran le4ispc.sh? The server is running Ubuntu 18.04 with ISPConfig Version: 3.1.15p3. Any help would be much appreciated.

If you turn on Let's Encrypt for a website in the ISPConfig panel, the certificate is renewed automatically when the cert has less than 30 days left. If the certificate is not issued when you turn it on in ISPConfig, see the LE error FAQ to find out why: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/

If you have used certbot commands yourself from the command line, that breaks the LE setup ISPConfig created. If this is the case, undo the damage; there are threads in this forum on how to do that.

I tailed the last 64 lines of /var/log/letsencrypt/letsencrypt.log and this is what I got:

    2020-07-28 05:11:01,640:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 11, in <module>
        load_entry_point('certbot==0.27.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1364, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1276, in renew
        renewal.handle_renewal_request(config)
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 455, in handle_renewal_request
        len(renew_failures), len(parse_failures)))
    certbot.errors.Error: 0 renew failure(s), 2 parse failure(s)
    2020-07-28 13:13:00,576:DEBUG:certbot.main:certbot version: 0.27.0
    2020-07-28 13:13:00,577:DEBUG:certbot.main:Arguments: ['-q']
    2020-07-28 13:13:00,577:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2020-07-28 13:13:00,583:DEBUG:certbot.log:Root logging level set at 30
    2020-07-28 13:13:00,584:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2020-07-28 13:13:00,585:WARNING:certbot.renewal:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 64, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 420, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-07-28 13:13:00,585:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/mydomain.uk.conf is broken. Skipping.
    2020-07-28 13:13:00,585:DEBUG:certbot.renewal:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 64, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 420, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-07-28 13:13:00,586:WARNING:certbot.renewal:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 64, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 439, in __init__
        self._check_symlinks()
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 498, in _check_symlinks
        "expected {0} to be a symlink".format(link))
    certbot.errors.CertStorageError: expected /etc/letsencrypt/live/mydomain.uk-0001/cert.pem to be a symlink
    2020-07-28 13:13:00,586:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/mydomain.uk-0001.conf is broken. Skipping.
    2020-07-28 13:13:00,586:DEBUG:certbot.renewal:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 64, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 439, in __init__
        self._check_symlinks()
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 498, in _check_symlinks
        "expected {0} to be a symlink".format(link))
    certbot.errors.CertStorageError: expected /etc/letsencrypt/live/mydomain.uk-0001/cert.pem to be a symlink
    2020-07-28 13:13:00,587:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 11, in <module>
        load_entry_point('certbot==0.27.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1364, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1276, in renew
        renewal.handle_renewal_request(config)
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 455, in handle_renewal_request
        len(renew_failures), len(parse_failures)))
    certbot.errors.Error: 0 renew failure(s), 2 parse failure(s)

I don't understand why ISPConfig didn't renew the SSL Certificate automatically, as the first indication that the SSL Certificate had expired was when I tried to access https://mydomain/index.php. I'm really stuck on this and would really appreciate some help.

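The two parse failures in the log above come from checks on each renewal config: all four file references (cert, privkey, chain, fullchain) must be present, and each must be a symlink with an existing target. The following read-only audit is an added example, not part of the original posts and not certbot's own code; the function names `check_lineage` and `make_sample` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# check_lineage CONF: print one line per problem found in a certbot renewal
# config and return the number of problems (0 means the lineage parses).
check_lineage() {
    conf=$1
    problems=0
    for kind in cert privkey chain fullchain; do
        # Read "kind = /path" from the part of the file before the first [section].
        path=$(sed -n -e '/^\[/q' -e "s/^${kind}[[:space:]]*=[[:space:]]*//p" "$conf" | head -n 1)
        if [ -z "$path" ]; then
            echo "$conf: missing required file reference: $kind"
            problems=$((problems + 1))
        elif [ ! -L "$path" ]; then
            # e.g. a regular file copied into live/ instead of a link to archive/
            echo "$conf: expected $path to be a symlink"
            problems=$((problems + 1))
        elif [ ! -e "$path" ]; then
            echo "$conf: target of symlink $path does not exist"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# make_sample: build a constructed tree under a temp dir with one healthy
# lineage, one whose live/ files are regular files, and one empty config.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/archive/good" "$root/live/good" "$root/live/copied" "$root/renewal"
    for kind in cert privkey chain fullchain; do
        : > "$root/archive/good/${kind}1.pem"
        ln -s "../../archive/good/${kind}1.pem" "$root/live/good/$kind.pem"
        : > "$root/live/copied/$kind.pem"
        echo "$kind = $root/live/good/$kind.pem"   >> "$root/renewal/good.conf"
        echo "$kind = $root/live/copied/$kind.pem" >> "$root/renewal/copied.conf"
    done
    : > "$root/renewal/empty.conf"
    echo "$root"
}

# Stand-alone use: pass renewal configs as arguments, for example
#   sh check.sh /etc/letsencrypt/renewal/*.conf
for conf in "$@"; do
    check_lineage "$conf" || true
done
```
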
You could disable Let's Encrypt for the domain, then delete all files related to it under /etc/letsencrypt/ and then enable the Let's Encrypt checkbox again.

Basically, I think you don't have to delete them, because unticking and then reticking the Let's Encrypt box will force renewal if its certs haven't expired or will create new certs if they have expired. The ISPConfig GUI for this should already work fine and no CLI intervention is really necessary unless seriously warranted; otherwise, by doing the same, you will still get reminder emails for the renewal of the deleted domain certs.

Also, I noted that you only realised the certs had expired when you browsed the site, which means that either you don't read the email warnings sent to you or you didn't set up certbot with a proper email. Setting up a proper email for certbot is very important as a host master for obvious reasons and should be fixed if not. Try reading this on how to update the email for your certbot: https://serverfault.com/a/827878