Invalid certificates

HI all
Some time ago I had a problem with the certificates not being secure, in my ignorance, I messed around with it and fobar'd it up.
Well, it seems to have occurred again, this time I have done nothing in the hope I can locate the issue and create an automation for updating the certificate.
I was asked last time to give the output of

Code:

ls -la /usr/local/ispconfig/interface/ssl/

So here it is again

Code:

# ls -la /usr/local/ispconfig/interface/ssl/
total 32
drwxr-x--- 2 root      root      4096 Jun 21 00:19 .
drwxr-x--- 9 ispconfig ispconfig 4096 Apr 20 11:07 ..
-rwxr-x--- 1 root      root        45 Jun  9 17:51 empty.dir
-rwxr-x--- 1 root      root      3445 Apr 20 11:07 ispserver.crt
-rwxr-x--- 1 root      root      1675 Apr 20 11:07 ispserver.key
-rw------- 1 root      root      5120 Jun 21 00:19 ispserver.pem
-rwxr-x--- 1 root      root      3172 Apr 20 12:08 ispserver.pem-210621001915.bak

Any help or pointers would be very much appreciated
Many thanks in advance
Martin

PS. Sorry, I think I previously posted this as a conversation to Till and Th0m.

 

If this is about Let's Encrypt certificates, there is Let's Encrypt Error FAQ in https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
which should show why certificate can not be created.

 

Unless you are using acme.sh, that seems like self-signed certs. If you are using acme.sh that could be expired LE certs. If they are the later, you server has not renew the certs automatically. If it is the former, try force update ISPConfig and get LE certs. If that failed, check LE FAQ to troubleshoot as mentioned by @Taleman.

 

Thank Taleman
But not sure what I'm looking for as the install guide

Code:

https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/

states:-

Code:

11 Install Let's Encrypt
ISPConfig is using acme.sh now as Let's Encrypt client. Install acme.sh using the following command:

curl https://get.acme.sh | sh -s

Which I followed
Nothing is said about continually updating certificates

 

How do I force an update?

 

ispconfig_update.sh --force

Before you update, is this server quite new? Has you been using acme.sh from the beginning or you migrated from certbot?

 

I used the guide as stated above I have been updating and upgrading the server on a regular basis

 

In that case Till have I missed something out?

 

I have the following output

Code:

# ls /root/.acme.sh
account.conf  acme.sh.env  deploy  gregson.me.uk  martin.gregson.me.uk  trick-e-tronics.co.uk
acme.sh       ca           dnsapi  http.header    notify
# hostname -f
martin.gregson.me.uk

 

Sorry if I am confusing the issue but it seems like the cert is not working ONLY on port 8080 to ISP control pannel

All other sites are working fine

Code:

https://martin.gregson.me.uk
https://martin.gregson.me.uk:8080

 

Hi Till

Yes I have a site in ISP martin.gregson.me.uk

As far as I am aware I am using acme.sh for my SSL certs as per the guid

 

I have only just noticed but I have 4 jobs in the job queue pending but that is to update my NS2 server, I don't think that will be an issue for this problem

 

Edit
Never mind on this point I found the solution...

However, still have cert problem with port 8080

 

Good morning Till
Seems you are right, after fixing the job queue issue I left it over night and when I just came back to it port 8080 is now secure

Would you say I still need to create the symlinks if so, which certs need to be symlinked to my local ISP control pannel site?

 

Yes, I agree ... if it ain't broken don't fix it !!!

THanks one and all