ISPConfig - Let's Encrypt errors.

Discussion in 'Installation/Configuration' started by Bookworm, Mar 6, 2019.

  1. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Sounds more like a certbot problem to me. You can also try updating certbot to the latest, but no guarantee it'll work.
     
  2. Bookworm

    Bookworm Member

    It didn't. I'm going to end up doing a manual renewal of the various certs, then migrate to a new install.
     
  3. reiermann

    reiermann New Member HowtoForge Supporter

    The problem is in /server/lib/classes/system.inc.php, in public function create_relative_link($f, $t): the command
    $to = realpath($t);
    changes
    /etc/letsencrypt/live/DOMAIN/privkey.pem
    to
    /etc/letsencrypt/archive/DOMAIN/privkey7.pem
    Now symlinks are created to the Let's Encrypt archive instead of to the live directory.
    On renewal of a certificate by certbot, the number in the cert file names is increased and the symlinks from /etc/letsencrypt/live/ to /etc/letsencrypt/archive/ are updated. From this point on, the symlinks in /var/www/DOMAIN/ssl link to the wrong file.
    A workaround is to change /server/lib/classes/system.inc.php:
    old:
    $to = realpath($t);
    new:
    if (strstr($f,'/etc/letsencrypt')) {
        $from = $f;
    } else {
        $from = realpath($f);
    }
    A better solution would be to change public function request_certificates($data, $server_type = 'apache') in /server/lib/classes/letsencrypt.inc.php to not use create_relative_link($f, $t).

    The line
    if(strstr($to,'/etc/letsencrypt/archive/')) $to = str_replace('/etc/letsencrypt/archive/','/etc/letsencrypt/live/',$to);
    in /server/lib/classes/system.inc.php in public function create_relative_link($f, $t) is not used.
     
    Last edited: Jun 22, 2019
    ahrasis likes this.
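
The stale-link behaviour described in the post above, reproduced on a constructed directory tree as an added example (not part of the original thread and not ISPConfig code). `link_kind` and `demo` are hypothetical helper names, and `readlink -f` stands in here for PHP's `realpath()`.

```shell
#!/bin/sh
# Added example: constructed tree under a temp directory, no real certificates.

# Classify a symlink by its immediate target (not the fully resolved path).
# "archive" means the link bypasses live/ and will not follow a renewal.
link_kind() {
    case "$(readlink "$1")" in
        */archive/*) echo archive ;;
        */live/*)    echo live ;;
        *)           echo other ;;
    esac
}

# Build a certbot-style layout, link a site key both ways, simulate a
# renewal, and report which key each site link serves afterwards.
demo() {
    root=$(mktemp -d) || return 1
    le="$root/etc/letsencrypt"; ssl="$root/var/www/DOMAIN/ssl"
    mkdir -p "$le/archive/DOMAIN" "$le/live/DOMAIN" "$ssl"
    echo "key-7" > "$le/archive/DOMAIN/privkey7.pem"
    ln -s ../../archive/DOMAIN/privkey7.pem "$le/live/DOMAIN/privkey.pem"

    # Resolving first: the site link's target becomes the numbered archive file.
    ln -s "$(readlink -f "$le/live/DOMAIN/privkey.pem")" "$ssl/resolved.key"
    # Keeping the live path as the target, as the workaround does.
    ln -s "$le/live/DOMAIN/privkey.pem" "$ssl/live.key"

    # Renewal: a new numbered file appears in archive/, live/ is repointed.
    echo "key-8" > "$le/archive/DOMAIN/privkey8.pem"
    ln -sf ../../archive/DOMAIN/privkey8.pem "$le/live/DOMAIN/privkey.pem"

    echo "resolved.key: $(link_kind "$ssl/resolved.key") $(cat "$ssl/resolved.key")"
    echo "live.key: $(link_kind "$ssl/live.key") $(cat "$ssl/live.key")"
    rm -rf "$root"
}

demo
```

Running `link_kind` over the links in a site's ssl directory shows which ones point straight into archive/ and would keep serving the old key after a renewal.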
  4. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

  5. gacuxz

    gacuxz New Member

    This problem came to me from nowhere and the solution from above worked! I found my letsencrypt.inc.php and system.inc.php in /usr/local/ispconfig/server/lib/classes/ under CentOS 7.6, then replaced them with the ones from Croydon's post and rebooted the server. Thank you!
    There was one catch though: before I found this thread, I deleted /etc/letsencrypt/live/{domain} hoping it would be recreated, and /var/log/letsencrypt/letsencrypt.log gave me errors, so after replacing the .php files I had to delete /etc/letsencrypt/renewal/{domain} too.
     
    Last edited: Jul 9, 2019
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Instead of replacing libs in an old version with the ones from the current version, better update the whole installation to the current ISPConfig version.
     
  7. gacuxz

    gacuxz New Member

    Yes, of course! Missed the last update, my bad. Updated to the latest 3.1.14p1 using
    Code:
    ispconfig_update.sh
    with default choices. Everything works just perfect. Thanks, Till!
     
