Hi, I copied an existing server using the ispcopy-tool. The old one used certbot for letsencrypt, the new one has no certbot installed and uses the acme.sh script instead. I copied the server, force-upgraded ISPConfig and resynced everything. However, acme.sh doesn't know any of my domains. acme.sh --list shows no results. ISPConfig still seems to try to use certbot and the old letsencrypt-certs. Is there any way to switch this setup to acme.sh or do I have to install certbot and stick with this? Output from server.sh with debug logging:

Code:
25.04.2021-17:52 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
25.04.2021-17:52 - DEBUG - Found 1 changes, starting update process.
25.04.2021-17:52 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
25.04.2021-17:52 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
25.04.2021-17:52 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client2/web17' - return code: 0
25.04.2021-17:52 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client2/web17' - return code: 0
25.04.2021-17:52 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client2/web17'|awk 'END{print $2,$NF}' - return code: 0
25.04.2021-17:52 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
25.04.2021-17:52 - DEBUG - safe_exec cmd: setquota -u 'web17' '0' '0' 0 0 -a &> /dev/null - return code: 0
25.04.2021-17:52 - DEBUG - safe_exec cmd: setquota -T -u 'web17' 604800 604800 -a &> /dev/null - return code: 0
25.04.2021-17:52 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client2/web17' - return code: 0
25.04.2021-17:52 - WARNING - Could not verify domain EXAMPLE.COM, so excluding it from letsencrypt request.
25.04.2021-17:52 - WARNING - Let's Encrypt SSL Cert for: EXAMPLE.COM could not be issued.
25.04.2021-17:52 - WARNING -
25.04.2021-17:52 - DEBUG - NON-String given in escape function! (boolean)
25.04.2021-17:52 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
25.04.2021-17:52 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/EXAMPLE.COM.vhost
25.04.2021-17:52 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
25.04.2021-17:52 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.3/fpm/pool.d/web17.conf
25.04.2021-17:52 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
25.04.2021-17:52 - DEBUG - Restarting php-fpm: systemctl reload php7.3-fpm.service
25.04.2021-17:52 - DEBUG - Apache status is: running
25.04.2021-17:52 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
25.04.2021-17:52 - DEBUG - Restarting httpd: systemctl restart apache2.service
25.04.2021-17:52 - DEBUG - Apache restart return value is: 0
25.04.2021-17:52 - DEBUG - Apache online status after restart is: running
25.04.2021-17:52 - DEBUG - Processed datalog_id 2878
25.04.2021-17:52 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished server.php.
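As an added example (not part of the original post and not ISPConfig's own code), here is a small Python script that parses server.sh debug output in the format shown above and pulls out the Let's Encrypt warnings per domain, so the two lines that matter are not lost among the chattr and setquota noise. The embedded sample log is constructed from a subset of the output above; the script name le_warnings.py in the usage comment is hypothetical.

```python
import re
import sys
from collections import defaultdict
from datetime import datetime

# One ISPConfig debug line: "DD.MM.YYYY-HH:MM - LEVEL - message"
# (the message part may be empty, as in the bare WARNING line above)
LINE_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}-\d{2}:\d{2}) - ([A-Z]+) -\s*(.*)$")

# The two warnings the webserver plugin logs when a Let's Encrypt request is
# dropped or fails; wording taken from the debug output in the post.
VERIFY_RE = re.compile(r"Could not verify domain (\S+), so excluding it from letsencrypt request")
ISSUE_RE = re.compile(r"Let's Encrypt SSL Cert for: (\S+) could not be issued")

# Constructed sample: a subset of the server.sh output quoted in the post.
SAMPLE_LOG = """
25.04.2021-17:52 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
25.04.2021-17:52 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client2/web17' - return code: 0
25.04.2021-17:52 - WARNING - Could not verify domain EXAMPLE.COM, so excluding it from letsencrypt request.
25.04.2021-17:52 - WARNING - Let's Encrypt SSL Cert for: EXAMPLE.COM could not be issued.
25.04.2021-17:52 - WARNING -
25.04.2021-17:52 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/EXAMPLE.COM.vhost
"""


def parse_log(text):
    """Split raw server.sh output into (timestamp, level, message) tuples.

    Lines that do not match the ISPConfig format are skipped rather than
    raising, so a messy copy/paste from the forum still parses.
    """
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%d.%m.%Y-%H:%M")
        entries.append((ts, m.group(2), m.group(3)))
    return entries


def letsencrypt_failures(entries):
    """Map each domain to the Let's Encrypt problems ISPConfig logged for it."""
    failures = defaultdict(list)
    for _ts, level, msg in entries:
        if level != "WARNING":
            continue
        m = VERIFY_RE.search(msg)
        if m:
            failures[m.group(1)].append("verification failed")
        m = ISSUE_RE.search(msg)
        if m:
            failures[m.group(1)].append("not issued")
    return dict(failures)


def count_levels(entries):
    """How many DEBUG / WARNING / ... lines the run produced."""
    counts = defaultdict(int)
    for _ts, level, _msg in entries:
        counts[level] += 1
    return dict(counts)


if __name__ == "__main__":
    # Usage (hypothetical file name): python3 le_warnings.py saved-server-sh-output.log
    # With no argument the constructed sample above is analysed.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    entries = parse_log(text)
    print("line counts by level:", count_levels(entries))
    for domain, problems in letsencrypt_failures(entries).items():
        print(f"{domain}: {', '.join(problems)}")
```

A "verification failed" entry means ISPConfig's pre-check of the domain (DNS / HTTP reachability) failed before any ACME client was even called, which is why neither certbot nor acme.sh shows a certificate for it.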
See https://www.howtoforge.com/community/threads/certbot-acme-sh.86385/ and https://www.howtoforge.com/community/threads/certbot-to-acme-first.86813/ TL;DR: There is no easy way to switch, the only thing you can do is remove all current certificates, purge all certbot related things, and then enable LE in the panel so it gets a new cert using acme.sh. This is a risky procedure as you can easily miss deleting something or delete too much, it can lead to your webserver going down. And you risk hitting the Let's Encrypt rate limits. Just a note, never try issuing a cert from the command line, always let ISPConfig handle it. Many users messed around with this in the past and a lot of them experienced severe headaches.
Well, that sounds very unpleasant. Okay, I installed certbot and made sure the certs are up to date and then re-enabled the LE function in the website tab. It didn't work (probably because the server thought I'm using acme.sh now), so I enabled it directly in the database and got ISPConfig to rewrite the vhost. It seems to work now; I now have to wait for the next cert to expire to check if it gets renewed. Thanks for pointing me in the right direction!
You can always test certbot renewal in advance using the --dry-run parameter. As long as you do not create or renew the certs manually, you should be fine.
Some things can still go wrong, I had some cases where the dry run worked but the script bugged... So it's good to monitor it.
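To follow up on the monitoring advice above, here is an added example (not from the thread, not part of certbot, acme.sh or ISPConfig) of a small Python expiry check that can run from cron: it reads the notAfter date in the format `openssl x509 -noout -enddate` prints, computes the whole days left, and flags anything that the automatic renewal should already have replaced. certbot's renew and acme.sh's cron job both renew roughly 30 days before a 90-day Let's Encrypt certificate expires, so a certificate with 20 days or less left means the renewal silently failed, which is exactly the case a dry run cannot catch. The three site names and notAfter values are constructed; reading real files assumes openssl is in PATH.

```python
import math
import subprocess
import sys
from datetime import datetime, timezone

# openssl prints e.g. "notAfter=Jul 24 16:52:00 2021 GMT" for
#   openssl x509 -noout -enddate -in /path/to/cert.pem
OPENSSL_DATE_FMT = "%b %d %H:%M:%S %Y %Z"

# Constructed sample: what openssl would print for three certificates,
# keyed by hypothetical site names, plus a fixed "now" to evaluate them at.
SAMPLE_CERTS = {
    "EXAMPLE.COM": "notAfter=Jul 24 16:52:00 2021 GMT",
    "shop.example.net": "notAfter=May  5 08:00:00 2021 GMT",
    "old.example.org": "notAfter=Apr 20 00:00:00 2021 GMT",
}
SAMPLE_NOW = datetime(2021, 4, 25, 17, 52, tzinfo=timezone.utc)


def parse_not_after(line):
    """Turn 'notAfter=<openssl date>' into a timezone-aware UTC datetime."""
    value = line.strip().split("=", 1)[1]
    return datetime.strptime(value, OPENSSL_DATE_FMT).replace(tzinfo=timezone.utc)


def days_remaining(not_after, now):
    """Whole days until expiry; negative once the certificate has expired."""
    return math.floor((not_after - now).total_seconds() / 86400)


def classify(certs, now, warn_days=20):
    """Return (name, days_left, status) for every certificate, soonest first.

    status is EXPIRED (past notAfter), RENEW-SOON (at or under warn_days,
    i.e. the ~30-day-before-expiry renewal did not happen) or OK.
    """
    report = []
    for name, line in certs.items():
        days = days_remaining(parse_not_after(line), now)
        if days < 0:
            status = "EXPIRED"
        elif days <= warn_days:
            status = "RENEW-SOON"
        else:
            status = "OK"
        report.append((name, days, status))
    return sorted(report, key=lambda r: r[1])


def not_after_from_file(path):
    """Ask openssl for the end date of a PEM certificate on disk."""
    result = subprocess.run(
        ["openssl", "x509", "-noout", "-enddate", "-in", path],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    # Usage: python3 check_expiry.py /etc/letsencrypt/live/*/cert.pem
    # (hypothetical script name; with no arguments the constructed sample is used)
    if len(sys.argv) > 1:
        certs = {p: not_after_from_file(p) for p in sys.argv[1:]}
        now = datetime.now(timezone.utc)
    else:
        certs, now = SAMPLE_CERTS, SAMPLE_NOW
    report = classify(certs, now)
    for name, days, status in report:
        print(f"{status:<11} {days:>4} days  {name}")
    # non-zero exit so cron mail or a monitoring wrapper notices the problem
    sys.exit(1 if any(status != "OK" for _, _, status in report) else 0)
```

Pointing it at the certificate files ISPConfig actually serves (the paths referenced in the vhost files) rather than at certbot's or acme.sh's own store is the more useful check: it catches the case from this thread where the client renewed a certificate but the web server kept using the old one.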