Renewing ispserver.crt

Discussion in 'General' started by bldx, Mar 6, 2026 at 12:13 PM.

  1. bldx

    bldx New Member

    Hey guys!

    I noticed that my certificate /usr/local/ispconfig/interface/ssl/ispserver.crt expired and that it wasn't renewed.
    Code:
    ls -l /usr/local/ispconfig/interface/ssl/
    total 32
    -rwxr-x--- 1 root root  768 Feb  1 15:13 dhparam4096.pem
    -rwxr-x--- 1 root root   45 Feb  1 15:13 empty.dir
    -rwxr-x--- 1 root root 2893 Dec  3 00:11 ispserver.crt
    -rwxr-x--- 1 root root 2885 Dec  3 00:11 ispserver.crt-20251202231117.bak
    -rwxr-x--- 1 root root  227 Dec  3 00:11 ispserver.key
    -rwxr-x--- 1 root root  227 Dec  3 00:11 ispserver.key-20251202231117.bak
    -rwxr-x--- 1 root root 3120 Dec  3 00:11 ispserver.pem
    -rwxr-x--- 1 root root 3112 Dec  3 00:11 ispserver.pem-20251202231117.bak
    
    Initially I installed 3.3.0 on Debian 12, but I did update to 3.3.1 at the beginning of Feb, and probably something broke then (I did reconfigure and updated everything).

    Since after the initial install the ispconfig.mydomain.com URL didn't work, I created an ispconfig.mydomain.com website, enabled Let's Encrypt, added additional Apache config to proxy it, and everything was working as expected.

    Then a couple of days ago I noticed that the URL doesn't work and figured out that the cert expired.
    So it's picking config from /etc/apache2/sites-enabled/:
    Code:
    000-ispconfig.conf -> /etc/apache2/sites-available/ispconfig.conf
    000-ispconfig.vhost -> /etc/apache2/sites-available/ispconfig.vhost
    
    instead of:
    Code:
    100-ispconfig.mydomain.com.vhost -> /etc/apache2/sites-available/ispconfig.mydomain.com.vhost
    
    It makes perfect sense that it works like this (loading 000- first), I am not confused about it :)
    But I don't remember how it was, since after install that URL wasn't working until I added my separate website, and I didn't check "under the hood".

    Is there a way to trigger only cert renewal for this default server cert?
    I don't want to do the whole reconfigure stuff (btw it was already done during update), since I have other custom changes that I had to do, and those will be overwritten.
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Check with command
    Code:
    hostname -f
    
    what the server hostname is. Have you created a website with that same name?
     
  3. bldx

    bldx New Member

    Hostname is server1.mydomain.com
    This was from the initial ISPConfig installation, and it was never changed.
    I created a website for that as well, and that URL works without issues.

    I only have a problem with ispconfig.mydomain.com.
     
    Last edited: Mar 9, 2026 at 4:10 PM
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The problem is that when you create a website for the hostname, then this will disconnect the certificate for all other services, so it will not renew anymore for them; only the website will get a new cert. The reason is that acme.sh can copy the cert to one location only. By creating a website, the SSL folder of the site is now the target for renewed SSL certs and not the central ISPConfig SSL folder.

    What you could do is that you create a script that copies over the SSL cert from the website's SSL folder to the ISPConfig SSL folder, then creates the .pem file, and then restarts the services that use this certificate.
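
One way to write the script described in the reply above, as an added example that is not part of the original thread and not ISPConfig's own code. It checks that the certificate and key belong together and that the certificate is still valid before replacing anything. Assumptions: the website's certificate and key paths are passed as arguments, ispserver.pem is the key followed by the certificate, and the units to restart are listed in SERVICES (default apache2).

```bash
#!/bin/bash
# Added example: sync a renewed website certificate into the ISPConfig SSL folder.
# Usage (as root): sync.sh <site.crt> <site.key> [ispconfig ssl dir]

# Print the public key (PEM) contained in a certificate or a private key.
pubkey_of() {  # $1 = cert|key, $2 = file
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
    esac 2>/dev/null
}

# Returns 0 = installed, 1 = refused or failed, 2 = already up to date.
sync_ispserver_cert() {  # $1 = site cert, $2 = site key, $3 = destination dir
    local crt="$1" key="$2" dest="$3" cert_pub key_pub tmp rc
    cert_pub=$(pubkey_of cert "$crt") && [ -n "$cert_pub" ] ||
        { echo "unreadable certificate: $crt" >&2; return 1; }
    key_pub=$(pubkey_of key "$key") && [ -n "$key_pub" ] ||
        { echo "unreadable key: $key" >&2; return 1; }
    # A certificate paired with the wrong key breaks every service that loads it.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and key do not match" >&2; return 1; }
    # Refuse a certificate that is expired or expires within 24 hours.
    openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null ||
        { echo "certificate expired or about to expire" >&2; return 1; }
    # Skip the copy (and the restart) when this certificate is already installed.
    cmp -s "$crt" "$dest/ispserver.crt" && return 2
    # Stage in a private (0700) temp dir on the same filesystem, then rename in.
    tmp=$(mktemp -d "$dest/.sync.XXXXXX") || return 1
    install -m 0600 "$crt" "$tmp/ispserver.crt" &&
    install -m 0600 "$key" "$tmp/ispserver.key" &&
    cat "$key" "$crt" > "$tmp/ispserver.pem" &&   # assumed layout: key, then cert
    chmod 0600 "$tmp/ispserver.pem" &&
    mv -f "$tmp"/ispserver.* "$dest"/
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Runs only when paths are given on the command line.
if [ "$#" -ge 2 ]; then
    sync_ispserver_cert "$1" "$2" "${3:-/usr/local/ispconfig/interface/ssl}"
    case $? in
        0) systemctl restart ${SERVICES:-apache2} ;;  # SERVICES is an assumption
        2) echo "certificate unchanged, nothing to do" ;;
        *) exit 1 ;;
    esac
fi
```

Run it from cron or from the renewal hook of the ACME client; the exit status is non-zero only when the copy was refused or failed.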
     
