Automating .pem copying with different users

Discussion in 'HOWTO-Related Questions' started by Syrion, Nov 7, 2024.

  1. Syrion

    Syrion New Member

    Hi all!

    First of all, my apologies for the lack of links, but because this is a first post I don't have the permissions yet to include them.

    I'm using a setup pretty similar to the Perfect Debian 12 server with Apache, BIND, DoveCot, PureFTPD & ISPConfig 3.2 tutorial by Till with everything updated to the latest software at the moment of writing.

    Recently I installed the ZNC IRC-Bouncer on my VPS, but ran into issues with the SSL certificate on both browsers (for the Web Admin Panel) and IRC clients. I backed up the znc.pem and replaced it with a renamed/rechowned/regrouped ispserver.pem (inspired by the courier-step of Let's Encrypt SSL for ISPConfig tutorial by ahrasis on this site).

    This seemed to fix the issue for now, but when renewal time will come this will break (of course). Will a modified version of the update script at the end of the Let's Encrypt tutorial work to automate everything in the previous paragraph?

    Since I'm somewhat inexperienced with Linux I didn't go for a symbolic link as the default ispconfig.pem is owned by the root-user, while the IRC-bouncer runs under an unelevated user in order to avoid permission issues. If there are any better methods than or flaws in my current solution, please let me know!

    Thanks for your knowledge and time in advance!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. You need a script that executes the required commands when the SSL certificate changes. There is a more modern approach for such a script that runs on certificate change, but using systemd for that. You can find that guide here: https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/
     
    koalacloud, Syrion and ahrasis like this.
  3. Syrion

    Syrion New Member

    Thanks you for your answer and the tutorial link!
     
  4. koalacloud

    koalacloud New Member

     
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You should not hijack a thread when the topic has little to do with your question and is in wrong forum.
    Also, you are hiding your question within the expandable quote, it may be nobody but me has read your question.
    Perhaps write a new question to ISPConfig 3 General forum.
    Meanwhile, use https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ to find why LE did not issue certificate.
     

Share This Page