Hi There is a capability in ISPConfig in which customers can add an SSL to their own website. There are three actions in the panel; save, create, and delete. For two years we had no problems, we delete the previous SSL and then create a new one. This year we got a problem. It seems whatever we have done while browsing the site we saw an SSL error and details mentioning the previous year's data. here are the error details: Code: Attackers might be trying to steal your information from www.site.com (for example, passwords, messages, or credit cards). Learn more NET::ERR_CERT_AUTHORITY_INVALID Subject: www.site.com Issuer: www.site.com Expires on: Jun 9, 2033 Current date: Jun 12, 2023 PEM encoded chain:-----BEGIN CERTIFICATE----- MIID6zCCAtMCFEcPPnmbz95PUFYNyIzDtkBLCrEnMA0GCSqGSIb3DQEBCwUAMIGx MQswCQYDVQQGEwJVUzEoMCYGA1UECAwfOTEgT2NlYW4gU3QuIEJyb29rbHluLCBO WSAxMTIyOTERMA8GA1UEBwwITmV3IFlvcmsxDzANBgNVBAoMBkVBSSBDbzEWMBQG A1UECwwNSVQgRGVwYXJ0bWVudDEXMBUGA1UEAwwOd3d3LnNoYXNmYS5jb20xIzAh BgkqhkiG9w0BCQEWFHdlYm1hc3RlckBzaGFzZmEuY29tMB4XDTIzMDYxMjA4MTEw MVoXDTMzMDYwOTA4MTEwMVowgbExCzAJBgNVBAYTAlVTMSgwJgYDVQQIDB85MSBP Y2VhbiBTdC4gQnJvb2tseW4sIE5ZIDExMjI5MREwDwYDVQQHDAhOZXcgWW9yazEP MA0GA1UECgwGRUFJIENvMRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MRcwFQYDVQQD DA53d3cuc2hhc2ZhLmNvbTEjMCEGCSqGSIb3DQEJARYUd2VibWFzdGVyQHNoYXNm YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCskyl/T/IHMvOS m7sO3fT77Alt5Ot25UQhJ4a2HdJoGRkRTBDlIyDnbMSzTcD650Sx/3tu9DFmuwWO bcvCNwBK+If9/e86PN7BI7N4MRWI1LD3USrjhDFGecd66Et9ePXlpFlLP40bTKx5 u8n1ErwD85/1iK5tL1bxnxQmu/2Xrkd1+jl9Ut2OexIYmaFifAJf86Rjhu6V9ff6 m+mnJxNbBAJkvjLbXuvbllwzaVXvme2v+Yi6ny1SEyO/Vd8J8nNTvHPfHFwPG5/0 e8GxyqaK41f9gfAUGBFEKbPR1hSCUQEKFz6IWhROoP9AooyccVD639sRIF8kogvU Yi7vtamnAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFDZTu/Es2bhQlg6yaAEO2zB ZTF+EwA4Oz5yKCJgkNCwf/zd4/SqL9HzUtpOhjhJwWgzwI+uAgW9iw1Z4lryB470 UNE5QIsIs1KuPh9UNNSVhyL5xZlI5A1Ygo7SAWj1xmlucIG6JiJJiRJPT53tn8Fm Y/hkgCLK1bY7Wp5Rk6ZpBxXlYkoVPly6nODijHRPQ1iRC6LqWOQx3p/ywWr3c+uG rlP8ciR42j2qL7evc98q8gYj3zl+DEhChDfcB5/CIClOQskyYfdIDBVRRNMjpyfL bg15Mr5zT8ib4Jiz8j9LnB6SAzWwsayiPISJgbzaWii4mOaEnax7fVyu3+YIswk= -----END CERTIFICATE----- I double-checked with the SSL provider and they told me everything is right. Now I don't know where the malfunctioning happened. Whether it is from ISPConfig in which the 'Delete' option not removing past SSL or somewhere else...
That certificate is expired. It may be the service using that certificate has not been restarted when certificate was renewed, so service is still using the old sertificate. Restart the service, then it uses the new certificate, if one exists. Or reboot the server, then all services get restarted.
Reasons can be that cert and key do not match or something similar, which prevents the server from restarting with the new cert. You can used debug mode to find out more. https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/ and you should also check if the SSL cert that is saved correctly in the SSL folder of the site and as @Taleman mentioned, restart the http server or even the whole server.
How can I trigger exactly that service? can you let me know what command I must run in my Debian server command line?
Hi till How are you, bro sometimes processing your words takes time for me two questions, what do you mean by this "cert and key do not match"? I checked both files by https://www.sslshopper.com and realized decoded well. Also in the last part of the explanation, you mentioned checking whether SSL is saved in the folder of that site or not. this part wasn't clear to me
thanks wondering if is there another way to trigger the cron of the SSL section via the command line. Also, check whether is it saved or not!
That's described in the link I posted in #3 in this thread. So you enable debug mode and comment out server.sh in crontab, then do the action you want to debug like saving the SSL cert and then you run server.sh to see in detail what happens behind the scenes.
