Certificate issue for ispconfig GUI

Discussion in 'Installation/Configuration' started by francoisPE, Nov 7, 2022.

  1. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Hello,
    I am trying to set up a VPN for my ispconfig multiple server conf: https://forum.howtoforge.com/threads/multiple-server-config-change-one-server-ip.88582/
    That's a very old topic I had no time to finalize yet...

    So I am making tests.
    I have 2 servers. I set up a local network with a VPN (wireguard), it works.
    On my GUI server, I already had an ispconfig working.
    I modify /etc/hosts, introducing local IPs in it. I create users with local IPs. And I run php -q update.php
    It fails, giving me this message:
    Code:
    Server's public ip(s) (hidden public ips) not found in A/AAAA records for myserver.dom.fr: 10.66.66.1
    Could not issue letsencrypt certificate, falling back to self-signed.
    
    I try to go back to /etc/hosts with my public IPs and rerun php -q update.php
    But I can't succeed in getting my certificate back, and so my web GUI!
    Code:
    --------------------------------------------------------------------------------
     _____ ___________   _____              __ _         ____
    |_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
      | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
      | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
     _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
     \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                                  __/ |
                                                 |___/
    --------------------------------------------------------------------------------
    
    
    >> Update
    
    Operating System: Ubuntu 20.04.5 LTS (Focal Fossa)
    
    This application will update ISPConfig 3 on your server.
    
    Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: no
    
    Checking ISPConfig database .. OK
    Starting incremental database update.
    Loading SQL patch file: /root/ispconfig3_install/install/sql/incremental/upd_dev_collection.sql
    Reconfigure Permissions in master database? (yes,no) [no]:
    
    Reconfigure Services? (yes,no,selected) [yes]:
    
    Configuring Postfix
    Configuring Dovecot
    Configuring Spamassassin
    Configuring Amavisd
    Configuring Getmail
    Configuring BIND
    Configuring Pureftpd
    Configuring Apache
    Configuring vlogger
    Configuring Apps vhost
    Configuring Jailkit
    Configuring Ubuntu Firewall
    Configuring Database
    Updating ISPConfig
    ISPConfig Port [8080]:
    
    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    
    Checking / creating certificate for myserver.dom.fr
    Using certificate path /etc/letsencrypt/live/myserver.dom.fr
    Using apache for certificate validation
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Cert not yet due for renewal
    Keeping the existing certificate
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]:
    
    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]:
    
    Reconfigure Crontab? (yes,no) [yes]:
    
    Updating Crontab
    Restarting services ...
    
    I try to debug, running
    Code:
    certbot certificates
    it gives
    Code:
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Renewal configuration file /etc/letsencrypt/renewal/myserver.dom.fr.conf produced an unexpected error: fullchain does not match cert + chain for myserver.dom.fr!. Skipping.
    
    When trying to open ispconfig in Firefox, it says: security issue, self-signed certificate.

    Code:
    ls -lrt /usr/local/ispconfig/interface/ssl/*
    -rwxr-x--- 1 root root 5029 Nov  7 20:41 /usr/local/ispconfig/interface/ssl/ispserver.pem-20221107204102.bak
    -rwxr-x--- 1 root root 5029 Nov  7 20:41 /usr/local/ispconfig/interface/ssl/ispserver.pem
    lrwxrwxrwx 1 root root   45 Nov  7 20:41 /usr/local/ispconfig/interface/ssl/ispserver.key -> /etc/letsencrypt/live/myserver.dom.fr/privkey.pem
    lrwxrwxrwx 1 root root   47 Nov  7 20:41 /usr/local/ispconfig/interface/ssl/ispserver.crt -> /etc/letsencrypt/live/myserver.dom.fr/fullchain.pem
    -rwxr-x--- 1 root root   45 Nov  7 20:41 /usr/local/ispconfig/interface/ssl/empty.dir
    
    How can I escape that caveat?
     
    Last edited: Nov 7, 2022
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you have copies of the /etc/letsencrypt/live/myserver.dom.fr folder with numbers attached (which means you have multiple copies of the same cert now)?
     
  3. francoisPE

    francoisPE Active Member HowtoForge Supporter

    I have only 1 in directory /etc/letsencrypt/live/myserver.dom.fr
    and also 1, in directory /etc/letsencrypt/archive/myserver.dom.fr
     
  4. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Should I run
    Code:
    rm -fr   /etc/letsencrypt/live/myserver.dom.fr
    php -q update.php
    
    ?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    I would use the certbot delete command instead and then run:

    ispconfig_update.sh --force

    to start an ispconfig update and let the updater create a new SSL cert.
     
  6. francoisPE

    francoisPE Active Member HowtoForge Supporter

    OK thanks a lot :)
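
Added example, not part of the original thread: a read-only check of what the `certbot certificates` error in the first post complains about, comparing fullchain.pem against cert.pem followed by chain.pem before deciding to delete the lineage. The function names and the sample files are constructed for illustration; the file names assume certbot's usual live-directory layout.

```bash
#!/usr/bin/env bash
# Added example: test one certbot lineage directory for the condition named in
# the error "fullchain does not match cert + chain".
# Assumed layout: DIR contains cert.pem, chain.pem and fullchain.pem.

# check_lineage DIR
#   returns 0 if fullchain.pem is byte-identical to cert.pem + chain.pem
#   returns 1 if the contents differ
#   returns 2 if one of the files is missing or unreadable
check_lineage() {
    local dir=$1 f
    for f in cert.pem chain.pem fullchain.pem; do
        # -r follows symlinks, so a dangling link in the live directory is caught here
        if [ ! -r "$dir/$f" ]; then
            echo "missing or unreadable: $dir/$f" >&2
            return 2
        fi
    done
    if cat "$dir/cert.pem" "$dir/chain.pem" | cmp -s - "$dir/fullchain.pem"; then
        return 0
    fi
    echo "fullchain.pem differs from cert.pem + chain.pem in $dir" >&2
    return 1
}

# make_sample DIR MODE: build a constructed lineage with placeholder text
# instead of real certificates (MODE is "good" or anything else for a mismatch).
make_sample() {
    local dir=$1 mode=$2
    mkdir -p "$dir"
    printf 'CONSTRUCTED LEAF CERT\n'  > "$dir/cert.pem"
    printf 'CONSTRUCTED CHAIN CERT\n' > "$dir/chain.pem"
    if [ "$mode" = good ]; then
        cat "$dir/cert.pem" "$dir/chain.pem" > "$dir/fullchain.pem"
    else
        # simulate fullchain.pem having been replaced by some other certificate
        printf 'CONSTRUCTED OTHER CERT\n' > "$dir/fullchain.pem"
    fi
}

# Demonstration on constructed data in a temporary directory.
demo=$(mktemp -d)
make_sample "$demo/good" good
make_sample "$demo/bad" overwritten
check_lineage "$demo/good";            echo "consistent lineage  -> $?"
check_lineage "$demo/bad" 2>/dev/null; echo "replaced fullchain  -> $?"
rm -rf "$demo"
```

On the server from the thread the call would be `check_lineage /etc/letsencrypt/live/myserver.dom.fr`.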
     
