acme _ecc

Discussion in 'Installation/Configuration' started by SamTzu, Feb 4, 2026.

  1. SamTzu

    SamTzu Active Member

    Now that acme has changed its default certs to use ECC (Elliptic Curve Cryptography) certificates, how do we update older ISPConfig servers to all use _ecc folders (with postfix and dovecot)? Some still use /root.acme/fqdn without _ecc in the folder name. Can we just remove the old folders and generate new ones?

    Will this dovecot config break...
    Code:
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key
    ssl_dh = </etc/dovecot/dh.pem
    Will ispconfig use acme dh.pem file? What about Dovecot /private folder links?
     
    Last edited: Feb 4, 2026
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig uses the copy function from acme.sh and does not link directly to internal storage structures. The symlinks you mentioned point to the ISPConfig ssl folder, so no change there. ISPConfig has supported the ecc certs in acme.sh for quite some time now.
     
    ahrasis likes this.
  3. SamTzu

    SamTzu Active Member

    So if I want to bring all servers "up to date" so all of them have the same logic, all I have to do is remove the old folders in /root.acme/ and ISPConfig will generate new ones with _ecc structure?
     
    Gwyneth Llewelyn likes this.
  4. Just a stupid question here — @SamTzu when you mention "remove the old folders", what exactly do you mean by "old folders"? Only those that do not end in _ecc? Or all of them? And will ISPConfig3 automatically handle the symlinks to the "old" directories (i.e., those without _ecc at the end), or put them all into the non-_ecc-terminated directories instead?

    Sorry, I've been struggling for the past two years or so in "getting this right"... and still haven't!

    See also https://forum.howtoforge.com/threads/acme-sh-ecc-sufix.90093/
     
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I am not using acme.me/sh yet, but I think yes, new ones are with the ecc extension, automatically if I remember correctly, so old ones can be deleted. In certbot, the method is still symlink, but only to the live folder of /etc/letsencrypt, which symlinks to the latest ones in archives, so older ones can also be safely deleted, though we need not because our LE files are fewer compared to copying and outputting to a new folder like acme.sh, which will have two copies at all times, one in it and one in each SSL folder for website and ISPConfig.
     
