Can't create SSL certificate for new website

Discussion in 'General' started by jnrmy, Feb 17, 2021.

  1. jnrmy

    jnrmy New Member

    Hello everyone.

    I have ISPConfig 3 installed on a Debian 9 server. While creating a new website I was unable to register a new SSL certificate. Looking at LetsEncrypt logs It looks like this is because I still have an old certbot version installed (0.10.2) using the ACMEv1 API. Actual certificates are renewed but new ones can't be registered.

    I searched for all the possible options here and on others boards, but I am a little bit lost between certbot-auto, acme.sh etc and I don't want to try things I am not sure that will work or not, as I don't want my website to be down for too long.

    What should I do in that case without messing something ?
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I believe uninstall from packages and install manually, but I don't actually have a Debian 9 system. Don't worry about your website being down because certbot isn't right, your old certificate will continue to work fine while you fix certbot. You won't be able to request new certificates until it works, obviously, but even in the worst case you should have 30 days to work on it.
     
  3. jnrmy

    jnrmy New Member

    Hello,

    So I am back after two months because I tried last week and everything went wrong. I uninstalled certbot from packages but cannot install a new version. Newer versions of certbot require Snapd, but since I am using a LXD container I was not able to install it.

    At this point everything was still working. After that I udpated ISPConfig from 3.2 to 3.4 and saw that it installed acme.sh. I thought I was saved, but I was wrong. After the update, all my websites and the ISPC dashboard displayed SSL errors, nobody was able to access any of my website.

    Thanks to a back up of my container I was able to get everything back online quickly but I am still stuck with my old version of certbot.

    So, what did I do wrong and what can I do now ?
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Switching certbot to acme.sh breaks the certificate setup. To fix remove all certificates, remove certbot and all files it made. Then let ISPConfig create new certificates, this time using acme.sh. There are threads about this on this forum.
     

Share This Page