Admin SSL Expired - LetsEncrypt (fixed with a hack)

Discussion in 'Installation/Configuration' started by thisiszeev, Oct 22, 2022.

  1. thisiszeev

    thisiszeev Member

    I am not sure if the problem is because I had the domain set up as a site on ISPConfig, with its own LetsEncrypt SSL along with mail.domain.tld for each of my client's domains so that they could get SSL to work without having to do anything in their mail client.

    The problem experienced was going to sub.mydomain.tld:8080 was giving an error regarding the certificate being expired. However, going to sub.mydomain.tld:443 gave no such error. I then came to these here forums and found some interesting points that were raised. This led me to believe that acme.sh was seeing sub.mydomain.tld and renewing the certificate in /var/www/sub.mydomain.tld/ssl and skipping /usr/local/ispconfig/interface/ssl.

    I thus backed up the contents of /usr/local/ispconfig/interface/ssl and then copied the .crt and .key from /var/www/sub.mydomain.tld/ssl to /usr/local/ispconfig/interface/ssl and renamed them ispserver.crt and ispserver.key respectively. This was followed by a reboot for good measure, though I am certain restarting Apache2 would achieve the same result.

    Problem is now fixed.

    May those with the knowledge advise if this is a sound workaround before I write a script to automate this.

    Running ISPConfig 3.2.8p2 on Debian 11.5 with PHP7.4 as the core PHP.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    That's the problem. acme.sh can copy an SSL cert only to one location. By creating a site with the name of the system hostname, you reconfigured acme.sh to stop updating the ISPConfig SSL cert and only update the SSL cert of the site.

    The best workaround instead of copying files is that you symlink them. Delete the SSL cert and key from ispconfig and replace them with symlinks pointing to the SSL cert of the site you created.
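
The symlink approach from the reply above, as an added example that is not part of the thread and not ISPConfig's own code. The function names, the 7-day validity threshold and the `.bak-<timestamp>` suffix are assumptions, and the site's certificate and key paths are passed as arguments because the thread does not give their file names.

```shell
#!/usr/bin/env bash
# Added example (not ISPConfig code): point ISPConfig's panel cert and key at
# the site's certificate files with symlinks instead of copying them.
# Assumed: function names, argument order, 7-day threshold, backup suffix.

# Succeeds only if the cert is valid for 7 more days and belongs to the key.
check_pair() {  # check_pair SITE_CRT SITE_KEY
    openssl x509 -in "$1" -noout -checkend $((7 * 86400)) >/dev/null || return 1
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Replace DST with a symlink to SRC; a regular file at DST is kept as a backup.
link_one() {  # link_one SRC DST
    local src=$1 dst=$2
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    # Already pointing at SRC: nothing to do, so the script is safe to re-run.
    if [ -L "$dst" ] && [ "$(readlink -f "$dst")" = "$(readlink -f "$src")" ]; then
        return 0
    fi
    if [ -e "$dst" ] && [ ! -L "$dst" ]; then
        mv "$dst" "$dst.bak-$(date +%Y%m%d%H%M%S)" || return 1
    fi
    ln -sfn "$src" "$dst"
}

# link_ispconfig_cert SITE_CRT SITE_KEY [ISPCONFIG_SSL_DIR]
link_ispconfig_cert() {
    local dir=${3:-/usr/local/ispconfig/interface/ssl}
    link_one "$1" "$dir/ispserver.crt" && link_one "$2" "$dir/ispserver.key"
}

# Run as root with the site's cert and key paths; restart Apache afterwards.
if [ "$#" -ge 2 ]; then
    check_pair "$1" "$2" || { echo "cert expiring or not matching key" >&2; exit 1; }
    link_ispconfig_cert "$@"
fi
```

Because the panel then reads the same files acme.sh renews for the site, no periodic copy job is needed; the pre-check refuses to link a certificate that is about to expire or does not match the key.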
     
