ISPConfig Admin Panel Subdomain SSL issue

Discussion in 'Installation/Configuration' started by intrinsic, Jan 31, 2024.

  1. intrinsic

    intrinsic New Member

    This problem was fixed with the following solution presented in this thread:
    https://forum.howtoforge.com/thread...ng-installation-dns-server-issue.86547/page-2

    Essentially you have to disable SSL in
    sudo nano /etc/nginx/sites-available/apps.vhost
    sudo nano /etc/nginx/sites-available/ispconfig.vhost

    Comment out the ssl lines as follows:
    #ssl_protocols TLSv1.2;
    #ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
    #ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;

    Save/write, and proceed to update ispconfig: ispconfig_update.sh --force

    Uncomment the lines in the previous step, and restart nginx. Then check for SSL for the webpanel.

    Hello ISPconfig family
    I have successfully migrated a multiserver to a single server but now we are encountering an issue. The SSL certificate for the server hostname is self-signed only:

    Code:
    Checking / creating certificate for webserver.website.com
    Using certificate path /root/.acme.sh/webserver.website.com
    Using nginx for certificate validation
    acme.sh is installed, overriding certificate path to use /root/.acme.sh/webserver.website.com
    [Tue 30 Jan 2024 06:19:26 PM PST] Invalid status, webserver.website.com:Verify error detail:123.123.123.123: Fetching http://webserver.website.com/.well-known/acme-challenge/0YuIB451234h245yd5m9F5h24EtjL942hg245hVhs: Connection refused
    [Tue 30 Jan 2024 06:19:26 PM PST] Please check log file for more details: /var/log/ispconfig/acme.log
    Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt
    Could not issue letsencrypt certificate, falling back to self-signed.
    Generating a RSA private key
    I can access a test.txt file at http://webserver.website.com/.well-known/acme-challenge/test.txt

    The ispconfig update is also having an issue, as follows:
    Code:
    Operating System: Debian 10.0 (Buster) or compatible
    
    This application will update ISPConfig 3 on your server.
    
    Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]:
    
    Creating backup of "/usr/local/ispconfig" directory...
    Creating backup of "/etc" directory...
    Creating backup of "/root/.acme.sh" directory...
    Checking MariaDB version 10.3.39 .. OK
    Checking ISPConfig database .. OK
    Starting incremental database update.
    Loading SQL patch file: /tmp/ispconfig3_install/install/sql/incremental/upd_dev_collection.sql
    Reconfigure Permissions in master database? (yes,no) [no]:
    
    Reconfigure Services? (yes,no,selected) [yes]:
    
    Configuring Postfix
    Configuring Dovecot
    Configuring Mailman
    Configuring Spamassassin
    Configuring Amavisd
    Configuring Getmail
    Configuring BIND
    Configuring Pureftpd
    Configuring nginx
    Configuring Apps vhost
    Configuring Jailkit
    Configuring AppArmor
    Configuring Ubuntu Firewall
    Configuring Database
    Updating ISPConfig
    PHP Warning:  symlink(): No such file or directory in /tmp/ispconfig3_install/install/lib/installer_base.lib.php on line 2957
    Certificate exists. Not creating a new one.
    Reconfigure Crontab? (yes,no) [yes]:
    I have attempted to back up the certificate files in /usr/local/ispconfig/interface/ssl/ as described in these instructions: https://forum.howtoforge.com/threads/panel-not-working-after-upgrade-to-3-2.85971/

    I have also tried to update ISPConfig with a new cert using the nightly package, but the results are the same.

    If anyone has any insight on properly installing a certificate for the webserver.website.com ISPadmin panel, I would greatly appreciate it.

    Thank you
     
    Last edited: Jan 31, 2024
  2. intrinsic

    intrinsic New Member

    Just an update: if I remove the certificates from /usr/local/ispconfig/interface/ssl/, then the nginx webserver fails to run. When running ispconfig_update.sh --force, the certificate fails because nginx is not running and LE cannot find http://webserver.website.com/.well-known/acme-challenge/
    Is there any workaround for this?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Restore the certs that you removed. It should have probably worked if you did not restart nginx before running the ispconfig update to create new certs. Alternatively, you can try to temporarily remove the symlink for the ispconfig.vhost from nginx sites-enabled directory.

    The migration does not alter this cert, so I wonder how you made this fail in the first place, as this might give some insights on how to fix this. There is no website in ISPConfig for webserver.website.com, right? You can check that e.g. with "ls -la /var/www | grep webserver.website.com". And the command "hostname -f" returns "webserver.website.com"?
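
The checks raised in this thread, collected as an added example that is not part of any post and is not ISPConfig code: certificate files referenced by a vhost must exist or nginx will not start, `hostname -f` must return the panel hostname, no website for that hostname may exist under /var/www, and port 80 must answer the challenge URL. The function names are hypothetical, paths are passed as arguments, and `curl` is assumed to be installed.

```shell
# Added example (not ISPConfig code): pre-flight checks to run before
# "ispconfig_update.sh --force". Function names are hypothetical.

# Print each file named by an active (uncommented) ssl_certificate or
# ssl_certificate_key directive that is missing on disk. nginx will not
# start while any of them is missing, so port 80 cannot serve the challenge.
missing_cert_files() {
    sed -n 's/^[[:space:]]*ssl_certificate\(_key\)\{0,1\}[[:space:]]\{1,\}\([^;]*\);.*$/\2/p' "$1" |
    while IFS= read -r certfile; do
        [ -e "$certfile" ] || printf '%s\n' "$certfile"
    done
}

# Succeed when the panel hostname equals what "hostname -f" returns.
# A second argument overrides the detected FQDN (useful for dry runs).
fqdn_matches() {
    actual=${2:-$(hostname -f 2>/dev/null)}
    [ "$1" = "$actual" ]
}

# Print web-root entries containing the hostname, like
# "ls -la /var/www | grep <hostname>"; any output means a site exists.
conflicting_sites() {
    ls -a "$1" 2>/dev/null | grep -F -- "$2" || true
}

# Print the HTTP status for the ACME challenge directory on port 80;
# "000" means the connection was refused or timed out.
challenge_status() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' \
        "http://$1/.well-known/acme-challenge/" || true
}

# usage: preflight <panel-hostname> <vhost-file>...
preflight() {
    host=$1; shift; rc=0
    fqdn_matches "$host" || { echo "hostname -f is not $host"; rc=1; }
    [ -z "$(conflicting_sites /var/www "$host")" ] ||
        { echo "a website for $host exists in /var/www"; rc=1; }
    for vhost in "$@"; do
        for certfile in $(missing_cert_files "$vhost"); do
            echo "$vhost: missing $certfile"; rc=1
        done
    done
    [ "$(challenge_status "$host")" != 000 ] ||
        { echo "port 80 on $host refused the connection"; rc=1; }
    return "$rc"
}

if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it as `sh preflight.sh webserver.website.com /etc/nginx/sites-available/ispconfig.vhost /etc/nginx/sites-available/apps.vhost`; commented-out ssl lines are ignored, so the workaround from the first post passes the file check.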
     
