ISPConfig Upgrade / certs replaced with self-signed ones

Discussion in 'ISPConfig 3 Priority Support' started by cmks, Jan 8, 2021.

  1. cmks

    cmks Member HowtoForge Supporter

    Dear,
    after upgrading some IPSConfig servers (debian v10) running IPConfig v3.5.1p2 to v3.2.1 (or v3.2. respectively) at least the cert of the control/master server of the IPSconfig farm got replaced with a self-signed one (after answering "y" to the renew question of the update script).
    a) What is the right way to setup an own cert for the management server so it remain intact after an update/upgrade?
    b) Why the update script asks te renew the certs of each server?

    For now we declined futher questions on other servers to update the certs. May this lead to any side effects or problems?

    On one server, a fresh installation twi weeks ago, running v3.2.1, the update stated:

    ...
    Configuring Apps vhost
    Configuring Jailkit
    Configuring Ubuntu Firewall
    Configuring Database
    Updating ISPConfig
    Certificate exists. Not creating a new one.
    Reconfigure Crontab? (yes,no) [yes]:
    ...

    Best regards,
    cmks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Replace the certs in /usr/local/ispconfig/interface/ssl/. Take care to not change the file names. And don't choose to replace certs in futire updates when the updater asks.

    Each server has its own cert.
     
  3. cmks

    cmks Member HowtoForge Supporter

    What purpose are these certs for? The farm only has one ISPConfig master server with an active management web-server. All other server are for services only, splitted by purpose (mail, web, mx, etc). Nevertheless all server asks to reissue certs while updating?
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The certs can be used for Pure-FTPd, Postfix, Dovecot, etc. That's why it is offered for every server.
     

Share This Page