Hi, I'm getting this error when I try to run the upgrade script. I'm currently on 3.2.11 Any clues as to why will be much appreciated. This occurs when I enter for Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: PHP Fatal error: Uncaught mysqli_sql_exception: Access denied for user 'root'@'localhost' (using password: YES) in /tmp/update_runner.sh.FpJNftmnln/install/update.php:258 Stack trace: #0 /tmp/update_runner.sh.FpJNftmnln/install/update.php(258): mysqli_connect() #1 {main} thrown in /tmp/update_runner.sh.FpJNftmnln/install/update.php on line 258
Most likely, a wrong MySQL root password in /usr/local/ispconfig/server/lib/mysql_clientdb.conf file.
Many thanks, that was exactly the issue. I changed the password for MySql root after installation. Is there any other point that this may have negative effect? Could this explain why the SSL for ISPConfig 8080) is not updating even though the main SSL is current? Thanks for the good work.
You can not create databases or mysql users in ISPConfig when the password in that file is wrong. No, the mysql root password is not related to SSL cert renewal. The SSL cert for port 8080 is the main SSL cert of the system, so it can not be current and not updated at the same time. But you can try to restart the apache or nginx web server, if it remains non updated, then there is something wrong with your main SSL cert configuration.
I can confirm that the main SSL has renewed, but the :8080 still shows the expired hence it's being bounced by the browser. Is there any log I can check?
Have you restarted the web server, to make it use the new certificate? You can check Le'ts Encrypt client log, and web server log.
I have restarted the server and webserver, still same situation. I noticed the ispConfig SSL was last updated when I installed the server about 4 month ago. The main SSL has since been updated automatically and is currently valid. Where would the LetsEncrypt log be? Many thanks for your helps.
There is no effective one for the time being but you can try force updating ISPConfig and choose SSL during the process, as it should in theory install (copy) the existing LE certs in your acme.sh folder to your ISPConfig SSL folder and extends them to other services in your server, though, you may have to do this manually each time the LE certs are renewed. Certbot does not have this same problem because it uses symlink for the LE certs, and not copying them like acme.sh.
Many thanks for your helps. I have manually applied the main SSL. Much appreciate your prompt assistance.
In my mind, there is this idea, which on the renewal, acme.sh will update the server LE certs, but not website anymore, since the latest that you did should, in theory, stay in the renewal conf, and if this is correct, you can use the custom-conf to copy the server LE hook scripts and and modify that copy by adding extra command to copy the file to the website SSL folder (a true copy command instead, and not acme.sh install command). I am however, not sure, what is currently in your server LE certs renewal conf, whether the above guess is true, and as such cannot confirm whether this will work, though for now I think it may.
