I know... this thread is quite old... but I NOW ran into a problem... after months of running a nginx server on a apache configured iSPconfig.. In fact I didn't realize that this is a decision with such heavy impact when I installed that instance. Everything worked fine, but after updating to ISPconfig 3.3.1p1 (I guess that was the problem) I don't get new LE certificates. The LE log on the machine tells me everything went fine, the stored certs in /var/www/clients/client1/web8/ssl/<domain>-le.crt are NEW, but to the outside an old version is shown. Running ispconfig_update.sh --force in the end showed Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details. PHP Warning: Error while sending QUERY packet. PID=3975405 in /tmp/update_runner.sh.EaWbW5WmQV/install/lib/mysql.lib.php on line 212 Sure... there IS no apache. But where is the old certificate? What else can I do than making a fresh install? Everything worked fine for so long....
okay... digging deeper into the log files I found out: there WAS a certbot running, and maybe this broke when updating to Debian 11 recently. So the ISPconfig made a functional update to the certs, that's why the checkboxes SSL/LE kept being on, but the nginx running on the machine depended on the certbot. While certbot was running okay, nobody noticed the double services because no error. So it is NOT an ISPconfig problem and nothing concerning the issue apache/nginx. For a quick solution I pointed the cert-paths of nginx fo the ISPconfig files: editinv /etc/nginx/sites-enabled/flaskapp ssl_certificate /var/www/clients/client1/web8/ssl/pdo-darts.de-le.crt; ssl_certificate_key /var/www/clients/client1/web8/ssl/pdo-darts.de-le.key; and service nginx restart For Dovecot and postfix I had to redefine the symbolic links in /etc/postfix (dovecot uses them, too, so no change required there): ln -s /var/www/clients/client1/web8/ssl/pdo-darts.de-le.crt smtpd.cert ln -s /var/www/clients/client1/web8/ssl/pdo-darts.de-le.key smtpd.key service dovecot restart service postfix restart I KNOW this is a dirty workaround, but it works for now, and now I look for a correct solution either bringing certbot to work again or - better - chance my ISPconfig-setup to nginx.... And maybe my hints and path-info helps somebody running out of time renewing his broken certs...
