Stuck Certificate

Discussion in 'General' started by profm2, Oct 28, 2021.

  1. profm2

    profm2 New Member

    Hi,
    I'm trying to resolve an issue where I let one of my domains lapse, then today I went in and removed the domain from ISPConfig. I found out that my SERVER.DOMAIN.COM certificate cannot be renewed because there appears to be a reference to MAIL.OLDDOMAIN.COM. (This was done to allow SSL/TLS to my servers' email).

    The OLDDOMAIN.COM no longer exists, so I cannot create MAIL.OLDDOMAIN.COM in my server, to then remove it later.

    What would be an easy way to resolve this?
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    How did you create the certificate with the old name?
     
  3. profm2

    profm2 New Member

    Since my server has been up for quite some time, I *THINK* I used this: https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ guide. Unfortunately it has been a couple of years since I did this.

    Ultimately what somehow happened is that in the /etc/letsencrypt/renewal folder, the SERVER.DOMAIN.COM configuration has a section labelled [[webroot_map]], which has 2 lines under it ... the first:
    mail.OLDDOMAIN.com = /usr/local/ispconfig/interface/acme
    and the second
    server.DOMAIN.com = /usr/local/ispconfig/interface/acme

    Upon further reflection, I think I will take the time to create a VM that ISPConfig will sit in, and basically redo my server.

    Thanks for your speedy response.
     
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    You can try to remove this part if the only problem you were facing is renewal of this domain (mail.OLDDOMAIN.com), thereafter dry run renewal and see if that config works.
     
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    'certbot certificates' should list your certificates, and you could just delete the old one, then run ispconfig_update.sh --force and reconfigure services, and let the installer setup another certificate for the server
     
    profm2 likes this.
  6. profm2

    profm2 New Member

    I'll try that. I didn't realize certbot did that. Thanks
     

Share This Page