Cert problems with ISPC 3.2.9

Discussion in 'General' started by neumann, Dec 7, 2022.

  1. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Seems you have modified the certificate setup for postfix and dovecot. This probably broke the setup ISPConfig made.
    If you are installing a new ISPConfig host anyway, that may be the easiest way to get a fully working system. Just remember ISPConfig sets up your system and it works, unless you go and modify the settings ISPConfig made.
    If you want your e-mail server to have hostname odin.bnjpro.dk use that as hostname when installing ISPConfig, and set MX record to odin.bnjpro.dk. Then certificates just work.
    If you want mail.bnjpro.dk as e-mail server name, use that as hostname when installing ISPConfig. That is the easy way, it can be made in other more complicated ways too, but why not use the easy way?
     
  2. neumann

    neumann Member

    My (new) problem should maybe be posted somewhere else, but I still have certificate issues. If it would be better to post this somewhere else, admin is more than welcome to move the subject.

    Well I have taken the decision to move to a new server. I have made the installation with the new git provided setup solution. And man how easy can it be. This blew my mind. So simple and easy.

    But I'm working my way through the transformation by moving things over manually, site by site, mail account by mail account. I only have a few, so it's not really that bad.

    I'm planning to let the old server still be at work while I'm preparing the moveover.
    So I would start by moving the webpages, so I have only opened the network transport for the HTTP and HTTPS (seems like we are over the days with HTTP, which I think is for the better) to the new server for now.
    I have named the new server freja.bnjpro.dk, the old one is odin.bnjpro.dk, which seems to give me another headache. I can't get a certificate for the new server. I guess it is because I use the same domain for both? Only the subdomain differs. Am I right about this? Would I have to revoke the old certificate first, and then ask for a new one on the new server? I try to enable Letsencrypt on the new machine, but after the 2 minutes wait, the tickbox is unticked. I then try to find the Letsencrypt logfile, but there is no logfile in var/log/... And there is no folder with Letsencrypt in /etc either. Is it placed somewhere else now, or hasn't it installed? I'm now using the newer way of getting certificates from letsencrypt (which is not certbot anymore as I understand). The setup is the standard without changing anything in the setup script.

    Footnote:
    I also fell over that it is still possible in ISPC 3.2.9 to enable APS (which I think was good, but I know it is too big a problem to keep up-to-date - so no protests from my part). But if you try to enable it, there is nothing to update, so no CMS' or blogs, or anything to install. Why not remove the possibility of enabling it altogether? It seems to not serve a purpose anymore.
     
    Last edited: Dec 28, 2022
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    No. Unless you have freja.bnjpro.dk on the old server too. Does freja.bnjpro.dk point to the new server in DNS name service?
    I guess you are using acme.sh instead of certbot as Let's Encrypt client. The LE error faq should still work, though.
     
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Nope. You can use any subdomain so long as both servers are connected to the internet and have all relevant ports opened and their DNS A records are properly set up as @Taleman said.

    Personally I'd prefer you to open new thread.
     
  5. neumann

    neumann Member

    Ok. I think I might have found the problem. But I'll have to wait for the DNS propagation to see if this is the issue.
    I have always used the domain bnjpro.dk as the A record. But as I read your comments I should be doing it as FQDN which would be freja.bnjpro.dk - which I didn't (neither with odin.bnjpro.dk).
    So I have started a new SOA with freja.bnjpro.dk in hope that my start-up problems are related to that. I will wait a day and see if I can generate a letsencrypt certificate by then.

    I really appreciate all the help I'm getting here. And I will respect the rules in here and start a new thread when I have any news.
    In the meantime, could someone give any pointers to how the perfect DNS setup would be for the perfect server? Like any online literature on the subject. Does howtoforge already have such a guide?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    freja.bnjpro.dk should not be a SOA in DNS, freja.bnjpro.dk is just an A-Record (and AAAA Record) in the SOA bnjpro.dk which points to the IPv4 (and IPv6) address of your system. And your system's hostname should be set to freja.bnjpro.dk in /etc/hosts, /etc/hostname and /etc/mailname. This hostname must be accessible from outside on port 80 as Let's Encrypt will try to reach your system before it issues a cert.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The only requirement is that your system's hostname must be a subdomain, and this hostname must exist in DNS so that other systems can reach it. That's all.
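
The local part of what till describes in the two posts above (a subdomain hostname that is set consistently in /etc/hosts, /etc/hostname and /etc/mailname) can be checked with a short script before Let's Encrypt is enabled. This is an added example, not part of the thread or of ISPConfig; the function names, the `demo` sample files and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# check_host_files FQDN [hosts] [hostname] [mailname]
# Defaults are the files named in the posts; paths are parameters so the
# check can run on copies. Returns the number of problems found.
check_host_files() {
    fqdn=$1; hosts=${2:-/etc/hosts}
    hostname_f=${3:-/etc/hostname}; mailname_f=${4:-/etc/mailname}
    problems=0
    # Subdomain test (label-count heuristic): host.domain.tld, not domain.tld.
    case $fqdn in
        *.*.*) ;;
        *) echo "FAIL: $fqdn is not a subdomain"; problems=$((problems + 1)) ;;
    esac
    # /etc/hostname and /etc/mailname should each hold exactly the FQDN.
    for f in "$hostname_f" "$mailname_f"; do
        val=
        [ -r "$f" ] && val=$(tr -d ' \t\r\n' < "$f")
        if [ "$val" = "$fqdn" ]; then
            echo "ok:   $f = $fqdn"
        else
            echo "FAIL: $f contains '$val', expected '$fqdn'"
            problems=$((problems + 1))
        fi
    done
    # /etc/hosts needs a non-comment line that lists the FQDN as a name.
    if awk -v h="$fqdn" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
        END { exit !found }' "$hosts" 2>/dev/null; then
        echo "ok:   $hosts maps $fqdn"
    else
        echo "FAIL: $hosts has no entry for $fqdn"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the new server's name with /etc/mailname left at the
# bare domain. Prints one FAIL line and returns 1.
demo() {
    d=$(mktemp -d)
    printf '127.0.0.1 localhost\n192.0.2.10 freja.bnjpro.dk freja\n' > "$d/hosts"
    echo freja.bnjpro.dk > "$d/hostname"
    echo bnjpro.dk > "$d/mailname"
    rc=0
    check_host_files freja.bnjpro.dk "$d/hosts" "$d/hostname" "$d/mailname" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Lookups made on the server itself can be answered from /etc/hosts, so confirm the public A record and port 80 from another machine.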
     
  8. neumann

    neumann Member

    Thank you so much. I have now a valid letsencrypt certificate for the new server. Now I can begin to play. :)
     
    ahrasis and till like this.
