Not sure if I am doing something wrong but every time I delete an aliasdomain I later run into failures at certificate renewal time, because the deleted domain is still in the certificate but can't be validated any more. Recovery is difficult and requires manual intervention. Shouldn't ISPConfig create a new certificate when an alias domain is deleted? I am using certbot by the way. NB. I am pretty sure that even the common trick: [Disable SSL / Enable Letsencrypt] did not help because whoever ISPConfig or certbot still finds the old certificate and tries to renew it.
I know that is an active problem but I don't think auto deletion of LE SSL certs upon deleting a virtual hosting ISPConfig panel is a feature yet, though it has been discussed several times, but you may already knew that. Using certbot or acme.sh does not matter, but so far I think ISPConfig does not delete the old and create the new certificate for the main website upon removal or deletion of its alias or subdomain for that matter. Yep. This definitely won't help if the default code is not upgraded. I can give few suggestions for that which involves adding extra command to create new LE SSL by force (there are currently two ways from what I studied) but I'd prefer adding that in one go with DNS challenge / authorization that I'm currently developing for ISPConfig.
Thanks for your reply, at least I now know that I am not doing anything wrong. Yes I can help myself using manual commands, and it does not happen too often, so it's not too big of a problem. But it has cost me a bit of headache in the past.
Alternatively / temporarily, you could use alias domain or sub domain with its own virtual host (vhost) but you'll have to enable this in your ISPConfig Panel > System Tab > Main Config. This way, LE SSL certs for them is separated from the main domain but they still share the same web site folder as the main domain. Plus, you can opt to change its path as well during its creation, but this option - to change path - is available only upon its creation and is not editable after its setup.
Thank you for that hint, I did not know it. This way I can separate soon-to-die domains off their main web site early enough to not cause any problems when it comes to cert renewal. I can't find that option, but it is not relevant, since all applicable alias domains already exist.
That is fine because if you enable that, you can only see the said option during alias / sub domains' creation, not after they were setup.
