Dear, after upgrading some IPSConfig servers (debian v10) running IPConfig v3.5.1p2 to v3.2.1 (or v3.2. respectively) at least the cert of the control/master server of the IPSconfig farm got replaced with a self-signed one (after answering "y" to the renew question of the update script). a) What is the right way to setup an own cert for the management server so it remain intact after an update/upgrade? b) Why the update script asks te renew the certs of each server? For now we declined futher questions on other servers to update the certs. May this lead to any side effects or problems? On one server, a fresh installation twi weeks ago, running v3.2.1, the update stated: ... Configuring Apps vhost Configuring Jailkit Configuring Ubuntu Firewall Configuring Database Updating ISPConfig Certificate exists. Not creating a new one. Reconfigure Crontab? (yes,no) [yes]: ... Best regards, cmks
Replace the certs in /usr/local/ispconfig/interface/ssl/. Take care to not change the file names. And don't choose to replace certs in futire updates when the updater asks. Each server has its own cert.
What purpose are these certs for? The farm only has one ISPConfig master server with an active management web-server. All other server are for services only, splitted by purpose (mail, web, mx, etc). Nevertheless all server asks to reissue certs while updating?
The certs can be used for Pure-FTPd, Postfix, Dovecot, etc. That's why it is offered for every server.