Certs on multiservers set up

Discussion in 'General' started by francoisPE, Nov 11, 2020.

  1. francoisPE

    francoisPE Active Member HowtoForge Supporter

    That's clarified.
    hostname -f: ok; but the /etc/letsencrypt/live/ns2.domain.tld directory doesn't exist!
    I checked the ispconfig-setup.log file (I saved the output from isp during install).
    The message was clear: challenges failed!
    I missed it and Firefox played me: I cleaned Firefox, and its message is clear now -> no cert!
    All that for a stupid inattention... Very sorry :(
    Thanks to you, I learned a lot about LE with ISPC and secondary servers. Thank you very much.
     
    ahrasis and Th0m like this.
  2. francoisPE

    francoisPE Active Member HowtoForge Supporter

    I am trying to correct my setup.
    I discovered that the ISPC install created a self-signed cert. When I update, it considers the cert as already existing.
    I want to remove it but am not sure which files to remove...
    Thank you
     
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Look under /usr/local/ispconfig/interface/ssl/
     
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I think you do not need to remove the self-signed certs as they will be renamed by ISPConfig 3.2 while requesting and installing LE SSL certs for the server ISPConfig during update.

    At least I think that was how I coded them before they were further improved.

    The only check is if there were LE SSL certs for the server, they won't be renamed or overwritten, not the self-signed certs.

    However, if the improved code had somehow changed to also not request for LE SSL certs even if there are only self-signed certs, then I consider this as a bug and you do have to remove or rename the self-signed certs before requesting for LE SSL certs during ISPConfig update.

    So please confirm which behaviour you are currently facing during your ISPConfig update while self-signed certs already existed so a bug report may be filed and the code can be further improved.


    Edited:
    You can delete or rename them at the path mentioned by @Jesse Norell above.

    I now remember that this issue is related to not deleting manually assigned certs to ISPConfig from other SSL certs providers, other than self-signed certs, but self-signed certs can be confirmed with "openssl verify -CAfile self_signed_cert.pem self_signed_cert.pem" which will return "ok" as mentioned in here.

    I will open an issue on this with the above solution if no one does it earlier.
     
    Last edited: Nov 16, 2020
  5. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Finally, it works!
    I removed the isp* files in /usr/local/ispconfig/interface/ssl/
    I updated ispconfig.
    Restarted monit.
    Topic definitely completed!
    Thank you very much everybody :) :) :)
     
    ahrasis likes this.
  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I reported this incident at the git so maybe this can be discussed by the developers and something can be done about it as IMHO the self-signed certificates (other than paid or free SSL certs like LE) should preferably at least be renamed, if not overwritten.

    https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5919
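
The self-signed check ahrasis mentions and the cleanup francoisPE describes, combined as an added example (not ISPConfig's own code and not posted in the thread): it moves the isp* files aside instead of deleting them, and only when every certificate among them is self-signed. The function names and the backup directory name are assumptions.

```shell
#!/bin/sh
# Added example, not ISPConfig code. The directory and the isp* glob come from
# the thread; function names and the backup directory name are assumptions.

# Exit 0 if CERT is self-signed: issuer == subject and it verifies against itself.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$s" = "$i" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Move DIR/isp* into a timestamped backup directory, but only when every
# certificate among those files is self-signed. Prints the backup path.
set_aside_self_signed() {
    dir=$1; found=0
    for f in "$dir"/isp*; do
        [ -f "$f" ] || continue
        openssl x509 -in "$f" -noout >/dev/null 2>&1 || continue  # key, CSR, ...
        is_self_signed "$f" || { echo "keeping $f: not self-signed" >&2; return 1; }
        found=1
    done
    [ "$found" -eq 1 ] || { echo "no certificate matching $dir/isp*" >&2; return 1; }
    bak="$dir/selfsigned-backup-$(date +%Y%m%d%H%M%S)"
    mkdir -m 700 "$bak" || return 1
    mv "$dir"/isp* "$bak"/ && echo "$bak"
}

# Constructed sample input: a self-signed cert (ispdemo.crt) and a CA-signed
# one (leaf.crt) written to directory $1.
make_demo_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ns2.domain.tld" \
        -keyout "$1/ispdemo.key" -out "$1/ispdemo.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ns2.domain.tld" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.crt" 2>/dev/null
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_demo_certs "$tmp" || exit 1
    is_self_signed "$tmp/ispdemo.crt" && echo "ispdemo.crt: self-signed"
    is_self_signed "$tmp/leaf.crt" || echo "leaf.crt: issued by a CA"
    echo "moved to: $(set_aside_self_signed "$tmp")"
    rm -rf "$tmp"
fi
```

Calling `set_aside_self_signed /usr/local/ispconfig/interface/ssl` before the ISPConfig update keeps the old files recoverable. The `openssl verify` test on its own also passes for any root CA certificate, since those are self-signed too.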
     
