acme Letsencrypt verification [resolved]

Discussion in 'Installation/Configuration' started by dmgeurts, Oct 8, 2022.

  1. dmgeurts

    dmgeurts Member

    I thought you were referring to a certificate for the ISPConfig interface. I know I can request a certificate manually but was hoping I could get ISPConfig to use dns_pdns for newly created websites without needing to use the terminal. acme.sh was installed by the ISPConfig auto-install, so I assumed I wouldn't have to touch that apart from directing it to not use HTTP-01.

    For the domain for which I issued that exact command, the dns_pdns plugin was indeed used. But not for subsequent websites when I ticked the SSL LE options for each website.

    It was when I first ran this command that I was prompted to register; by that time I didn't yet know that ZeroSSL is acme.sh's default CA.
     
    Last edited: Oct 11, 2022
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    No. You cannot simply modify ISPConfig code without some good level of expertise and then expect to use the DNS challenge with it to get LE certs properly for your server. It all has to be done manually before or after you install ISPConfig.

    If you have already installed ISPConfig and created SSL certs, LE or SS, during the process, the only thing you can do is delete / rename the certs, then ask for new certs via the DNS challenge manually for your server.

    However, if you have not installed ISPConfig, you may proceed with installing acme.sh first before requesting LE SSL certs for the server, which is also a manual process when you decide to use the DNS challenge for your server FQDN. This is where you need to activate your LE by creating an account, which is similar to certbot.

    I don't use acme.sh and use certbot instead, but the process is almost similar though not exactly the same. It should work IMHO.

    Nonetheless, you really should not proceed with this if you do not really comprehend this DNS challenge method fully. Draw the steps one by one and ask again and again until you get it, though to me this is very simple and straightforward because I did this many times already.

    To note, until the DNS challenge is part of ISPConfig official code for server FQDN, one should avoid using it unless he really comprehends it fully, because his server may break from its SSL install or renewal due to a misunderstanding.
     
    Last edited: Oct 26, 2022
