Hi. I have SSL set up with https://acme.sh. Before, with ISPC 3.1.13, I had no problems with it but, after I updated to ISPC 3.1.14p2, I can no longer change anything in Site/Web Domain in the panel, or ISPC will remove the SSLCertificateChainFile line from the /etc/apache2/sites-enabled/100-domain.com.vhost file and make the SSL defective. In the panel Web Domain/Domain tab, I have the SSL option ticked on and the Letsencrypt option ticked off. In the SSL tab I have HTTP2 ticked on. Setup: Slave ISPC domain.com: Ubuntu 16.04.2 / PHP 7.1.31 / Apache 2.4.39; Master ISPC Panel: Ubuntu 10.04.4 / PHP 5.3.2. Acme install cert command line: Code: /usr/local/acme.sh/acme.sh --home /usr/local/acme.sh --install-cert -d domain.com --cert-file "/var/www/domain.com/ssl/domain.com.crt" --key-file "/var/www/domain.com/ssl/domain.com.key" --fullchain-file "/var/www/domain.com/ssl/domain.com.bundle" Is this an ISPC 3.1.14 bug? If not, is there something I can do to prevent this unwanted change? Thank you.
This is no bug. The SSLCertificateChainFile directive is deprecated; Apache 2.4.8 and newer expect the chain cert(s) inside the SSL cert file. A separate chain file is not used anymore, and therefore the directive needs to be removed.
Thank you for the quick answer. If there is a way to get acme.sh to install the cert file like this, I was unable to find it. I guess that rolling back ISPC to 3.1.13 will maybe be my temporary/definitive solution. If someone knows how to "fix" that, please let me know.
Why don't you use the built-in Let's Encrypt functionality from ISPConfig, which handles SSL files for newer Apache versions correctly? And regarding acme.sh, just run a second command afterwards which appends the bundle to the cert file.
I tried to use the built-in option, but I was unable to get the letsencrypt stuff to run on my old Ubuntu 10.04 installations. Acme.sh came to my rescue and so I spread it to all my servers. Wow! Just a Code: cat /var/www/domain.com/ssl/domain.com.bundle >> /var/www/domain.com/ssl/domain.com.crt Gonna try. Thank you so much.
I think that will work. You can always use a customized vhost template by simply copying the default in the server/conf folder to server/conf-custom and modifying it. However, the best way for the future, I think, is to fix this command by choosing to name the file right so crt will always use fullchain, which I believe will be very useful, especially upon renewal.
Now I understand it. The right install command will be Code: /usr/local/acme.sh/acme.sh --home /usr/local/acme.sh --install-cert -d domain.com --key-file "/var/www/domain.com/ssl/domain.com.key" --fullchain-file "/var/www/domain.com/ssl/domain.com.crt" since the cert content is inside the fullchain bundle file as well. Thank you.
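Added example, not part of the thread and not ISPConfig or acme.sh code: a small check for what the file behind SSLCertificateFile actually contains, since Apache 2.4.8 and newer read the chain from that file. Because the fullchain bundle already holds the cert, appending it to a cert file repeats the leaf block, which the check reports as "duplicated". The function names and sample bodies are assumptions made up for the illustration.

```shell
#!/bin/sh
# Classify a PEM file by the certificate blocks it holds (counts blocks only,
# it does not validate signatures). "fullchain" means two or more distinct blocks.
# Prints one of: empty | leaf-only | fullchain | duplicated
pem_chain_status() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/ {
            if (inside) { total++; if (seen[body]++) dup = 1 }
            inside = 0; next
        }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
        END {
            if (total == 0)      print "empty"
            else if (dup)        print "duplicated"
            else if (total == 1) print "leaf-only"
            else                 print "fullchain"
        }
    ' "$1"
}

# Constructed sample data: placeholder bodies, not real certificates.
make_pem() {
    printf '%s\n' "-----BEGIN CERTIFICATE-----" "$1" "-----END CERTIFICATE-----"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_pem "TEVBRg==" > "$dir/domain.com.crt"
    { make_pem "TEVBRg=="; make_pem "SU5URVJNRURJQVRF"; } > "$dir/domain.com.bundle"
    echo "cert file as first installed: $(pem_chain_status "$dir/domain.com.crt")"
    echo "fullchain bundle:             $(pem_chain_status "$dir/domain.com.bundle")"
    cat "$dir/domain.com.bundle" >> "$dir/domain.com.crt"
    echo "cert file after appending:    $(pem_chain_status "$dir/domain.com.crt")"
    rm -rf "$dir"
}

demo
```

Pointing pem_chain_status at the real /var/www/domain.com/ssl/domain.com.crt after each renewal shows whether Apache is being handed the leaf alone, the full chain, or a file with repeated blocks.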