Problem with Letsencrypt certificates on deleted subdomains

Discussion in 'General' started by uniQ, May 11, 2024.

  1. uniQ

    uniQ New Member

    Hi,
    I have a strange problem with my current server running the latest ISPConfig.
    I created a new website for my domain "example.com" and configured a letsencrypt certificate for it. Then I decided to add a subdomain called "sub.example.com" which redirects to another URL. Everything worked great until I deleted the subdomain.
    Every few months, my domain "example.com" gets a new letsencrypt certificate which my browser reports as invalid, because the CN is now "sub.example.com" instead of just "example.com".

    Disabling and re-enabling the SSL encryption via ISPConfig does not fix the problem.
    Is this a bug or am I missing something?

    Thanks in advance!
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Probably not.
    Have you removed the subdomain and alias domain from the parent website certificate? See in ISPConfig Panel Sites tab the subdomain for website and aliasdomain for website menu entries.
     
  3. uniQ

    uniQ New Member

    I already deleted the subdomain. Is there another way to remove the entries from the parent website certificate?
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  5. uniQ

    uniQ New Member

    Thanks again for your help. I took some screenshots from the ISPConfig Adminpanel as well as from the acme.sh logs. It seems that the subdomain is indeed not removed properly.

    ISPConfig Panel:
    1.png
    2.png

    Main website and subdomain folder showing up in acme.sh folder:
    4.png

    Subdomain acme.sh folder:
    3.png

    Acme.sh Log:
    5.png
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Try unticking the Let's Encrypt box on the parent website, then use LE client commands to delete the certificate. Then tick the Let's Encrypt box back.
    I feel it is strange you would need to do that, though. If aliasdomains and subdomains are removed and a new certificate is created for the parent domain, it should no longer have those aliases and subs.
    Those ISPConfig Panel screenshots: are you sure no nonprinting character is in those search boxes? That would cause nothing to be shown. Make sure they are empty.
    You hide the domain names in the log listings, so I could see nothing useful there.
     
  7. uniQ

    uniQ New Member

    I'll try that and report back, thanks.

    EDIT: I cleaned up all certificates for the domain and subdomain. So far, no more signs of the old subdomain prefix. :) Thanks again!
     
    Last edited: May 14, 2024
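
An added example (not part of the thread, and not ISPConfig or acme.sh code) for the situation in posts 5 to 7: it lists every acme.sh certificate config that still names a removed hostname, either as the primary domain or as an alternative name. It assumes acme.sh's per-certificate layout `<home>/<dir>/<domain>.conf` with `Le_Domain='...'` and `Le_Alt='...'` lines; the acme.sh home path and the function names are illustrative.

```shell
#!/bin/sh
# Added example: find acme.sh certificate configs that still cover a hostname.
# Assumption: each certificate lives in <acme home>/<dir>/<domain>.conf and
# holds Le_Domain='primary' and Le_Alt='a,b,c' (Le_Alt='no' when there are none).

# conf_value FILE KEY -> prints the value of KEY='value' in FILE (empty if absent)
conf_value() {
    sed -n "s/^$2='\(.*\)'\$/\1/p" "$1" | head -n 1
}

# stale_acme_entries ACME_HOME HOSTNAME
# Prints "<conf file> primary" or "<conf file> alt" for each config that
# still requests a certificate covering HOSTNAME.
stale_acme_entries() {
    acme_home=$1
    host=$2
    for conf in "$acme_home"/*/*.conf; do
        [ -f "$conf" ] || continue
        primary=$(conf_value "$conf" Le_Domain)
        [ -n "$primary" ] || continue        # not a certificate config
        alt=$(conf_value "$conf" Le_Alt)
        if [ "$primary" = "$host" ]; then
            echo "$conf primary"
            continue
        fi
        # Match whole names only, so sub.example.com does not hit xsub.example.com
        case ",$alt," in
            *",$host,"*) echo "$conf alt" ;;
        esac
    done
}

# Stand-alone use: sh script.sh <acme home> <hostname>
if [ "$#" -eq 2 ]; then
    stale_acme_entries "$1" "$2"
fi
```

Any line it prints points at a config that will keep renewing a certificate for the deleted name until that certificate is removed with the Let's Encrypt client, as described in post 6.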
