acme.sh Error when run renew_hook

Discussion in 'General' started by jnewman67, Nov 1, 2022.

  1. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    CentOS 8, ISPConfig 3.2.8, acme.sh 3.0.5 from GitHub
    Had an issue with at least one of my SSL certs not being up-to-date, so I ran
    Code:
    acme.sh --renew-all
    which updated them accordingly. However, the one assigned to the DNS name of the machine itself failed with the following message:
    Code:
    [Tue Nov  1 09:23:26 EDT 2022] Your cert is in: /root/.acme.sh/mydomain.com/mydomain.com.cer
    [Tue Nov  1 09:23:26 EDT 2022] Your cert key is in: /root/.acme.sh/mydomain.com/mydomain.com.key
    [Tue Nov  1 09:23:26 EDT 2022] The intermediate CA cert is in: /root/.acme.sh/mydomain.com/ca.cer
    [Tue Nov  1 09:23:26 EDT 2022] And the full chain certs is there: /root/.acme.sh/mydomain.com/fullchain.cer
    [Tue Nov  1 09:23:27 EDT 2022] Run renew hook:'letsencrypt_renew_hook.sh'
    /root/.acme.sh/acme.sh: line 3594: letsencrypt_renew_hook.sh: command not found
    [Tue Nov  1 09:23:27 EDT 2022] Error when run renew hook.
    [Tue Nov  1 09:23:27 EDT 2022] Call hook error.
    
    Do I need to run the ispconfig_upgrade.sh script and tell it to recreate this certificate in there instead? Shouldn't those auto update?
    If I run (pulled from the crontab)
    Code:
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
    
    I get
    Code:
    [Tue Nov  1 09:36:23 EDT 2022] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
    [Tue Nov  1 09:36:23 EDT 2022] Skip, Next renewal time is: 2022-12-30T13:23:26Z
    [Tue Nov  1 09:36:23 EDT 2022] Add '--force' to force to renew.
    [Tue Nov  1 09:36:23 EDT 2022] Skipped mydmain.com
    
    for that particular domain name.

    Thoughts?
     
    Last edited: Nov 1, 2022
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    IIRC, this script is from ISPConfig and is needed when you got the certificate through the installer. Can you share the config file for the cert?
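
What the cert's config file holds, as an added example that is not part of the original post or of ISPConfig's code: acme.sh keeps each certificate's renew hook in the `Le_RenewHook` line of the domain's `.conf` file, base64-wrapped, and runs it through the shell, so a bare script name only works if it is on root's `PATH`. The sample conf is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed data, not output from the poster's server.

# Print the renew hook stored in an acme.sh domain .conf file, decoding the
# __ACME_BASE64__ wrapper that acme.sh puts around saved hook values.
renew_hook_of() {
  raw=$(sed -n "s/^Le_RenewHook='\(.*\)'\$/\1/p" "$1")
  case $raw in
    __ACME_BASE64__START_*__ACME_BASE64__END_)
      raw=${raw#__ACME_BASE64__START_}
      raw=${raw%__ACME_BASE64__END_}
      printf '%s' "$raw" | base64 -d ;;
    *) printf '%s' "$raw" ;;
  esac
}

# Classify the hook's command word the way the shell resolves it at renew time.
# A bare name depends on PATH; an absolute path only has to exist and be executable.
check_hook() {
  hook=$(renew_hook_of "$1")
  [ -n "$hook" ] || { echo "no-hook"; return 0; }
  cmd=${hook%% *}
  case $cmd in
    /*) if [ -x "$cmd" ]; then echo "ok:$cmd"; else echo "missing:$cmd"; fi ;;
    *)  if resolved=$(command -v "$cmd" 2>/dev/null); then
          echo "path-dependent:$resolved"
        else
          echo "not-found:$cmd"
        fi ;;
  esac
}

# Constructed sample conf that reproduces the state shown in the log above.
demo() {
  dir=$(mktemp -d)
  b64=$(printf '%s' 'letsencrypt_renew_hook.sh' | base64)
  printf "Le_Domain='mydomain.com'\nLe_RenewHook='__ACME_BASE64__START_%s__ACME_BASE64__END_'\n" \
    "$b64" > "$dir/mydomain.com.conf"
  check_hook "$dir/mydomain.com.conf"
  rm -rf "$dir"
}

demo
```

On a real server the file to pass to `check_hook` sits next to the certificate, e.g. `/root/.acme.sh/mydomain.com/mydomain.com.conf`; run it as root with the same environment cron uses.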
     
  3. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    All certs are originally created within the ISPConfig interface when creating a "site" on the Sites tab, by checking the Let's Encrypt checkbox. As a rule, I don't run acme manually. However, one of my certs expired recently, so it wasn't updated automatically (weekly, I believe) when the cron job ran. The acme.sh crontab command I referenced above was from the ISPConfig section of the crontab. To answer your question, I wouldn't have a clue about the config file for the cert - I assume it's ISPConfig default.
     
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Is this also the server hostname LE certs?
     
  5. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    Yes, the one that is failing to renew is the server host name. That's why I asked if it needed to be updated via the ispconfig_upgrade script.
     
  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    No. I am not sure you can if you have created a website using the same name as server hostname fqdn, then, the install of all its LE certs are now only copied to that website ssl folder only and no longer copied to ISPConfig website ssl folder anymore.

    Note that this is a common problem that I already suggested a solution to the developers via this forum i.e. instead of using acme install (official command) to copy LE certs from acme.sh folder to respective ssl folder, they should change it to symlink (via ln -s bash command) and this will resolve all problems related to this.

    As official advice to user, like many others, if my first statement is true, for now I suggest not to create a website using the same name as server hostname fqdn, or if that was already created, to delete that website and to force update ISPConfig again and opt to create SSL during that process. Hopefully, that will help temporarily solve the problem as I haven't tested this at all.

    However, if my first statement is wrong, you should try to force update ISPConfig again and opt to create SSL during that process, but this situation seems troubling to me when the renew hook suddenly went missing since this is covered by the current installer since version 3.2 started. No promise that this will fix that either as I don't know your real problem for now.
     
    Last edited: Nov 3, 2022
  7. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    It's not a name associated with a website. It's the name of the server only (abc.mydomain.com).
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    In this case there should not be any issues. Issues arise only when a website is created with the exact hostname subdomain in conjunction with acme.sh.

    Run an ispconfig update with:

    ispconfig_update.sh --force

    and let ISPConfig create a new SSL cert during update.
     
  9. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    I wondered if that mechanism was the solution - thanks!
     
