Hello. I'm Using ISPC 3.2.8p1 installed on Debian 11 using autoinstaller script. Today i noticed that my admin panel SSL expired. Of course mail server apps also use wrong certificate now (and maybe FTP server too). Because i'm using v3.2.8 there is no cerbot installed (autoinstall script use acme.sh AFAIK). I didn't find any configuration for admin panel itself inside .acme.sh/ folder. How can i check what is going on? How to force ISPC3 panel to regenerate own certificate (so i will find out what is going on)?
Basically you should check and report when you received first warning of renewal failure which is normally first day after 60 days but within 30 days before expiry; and then follow LE FAQ to troubleshoot and report here if that also failed. For now force update ISPConfig and choose to create LE SSL during the process. If it failed to create new LE SSL certs, do follow LE FAQ to troubleshoot and report here if that also failed.
Well. LE FAQ was the first thing i've checked, but there is no any information about certificate used by ISPC panel itself, only about vhioists that are working well for me without any problems. The only certificate that is not updating is the panel one. I do not want to force upgrade because it may rebuild some config files that i've changed for services so they support things that ISPC do not have built in. But this is a good hint, to check upgrade script and see how it's generating certs and try to do same thing by myself. Thank You! EDIT: I think after few minutes of checking ISPC files, that problem may be that i made inside ISPC website with same domain name that ISPC is using (so loading domain name with standard http and https without ISPC port will just work for anyone). Inside letsencrypt_renew_hook.sh there is: I imagine, that because site using same domain have generated certificate earlier, then checking of ISPC panel itself gave information that certificate is correct (acme.sh will tells it is, because i's fine), but same time ISPC will not copy/link cert files from site with the same domain to it's own folder (because it is not aware of the situation). I will try to figure this out somehow, and maybe propose solution because it is regression. EDIT2: I also noticed that sites disabled from SSL/LE in ISPC still got directories/files inside /.acme.sh/ folder, and it is trying refresh certs even if the website is disabled.
Yes. Basically creating a website using your server hostname fqdn while using acme.sh will cause such a failure and active users including the developers already knew that. The fix is like what I told you but then try add to the renewal hook script to copy the same to your website ssl folder with the ISConfig prescribed naming convention (never tested this) but you can also use whatever method that works for you and good luck fixing your way.
