I was using certificate which expired. I requested new one with new private key and request file. But when I add new certificate to ISPConfig vhost, even after running Code: /usr/local/ispconfig/server/server.sh the new certificate wont be accepted by ISPConfig and is still using the old one which expired, so my site is not working with HTTPS. Is there possibility that ISPConfig have this old certificate stored somewhere? I also deleted content of SSL folder in my vhost but did not worked either. Site is working with generated Let's Encrypt certificate.
The cert is stored in ISPConfig DB (that what you see in the UI) and in the ssl folder of the site (when you choose 'save certificate' as option in ISPConfig UI). There are no other places where it is saved.
I deleted content of /var/www/vhost/ssl/ but there is no change. It still wont use new certificate which I provided. Checked modulus of key and certificate and it's same so there is not issue in cert/key pair.
Use the debug mode and post the exact debug messages that you get when you save the new ssl cert with 'save certificate' action. https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/ ISPConfig rejects a cert only in the case that ssl cert and key don't match, that the key is encrypted so apache would fail on boot or that apache does not start at all with that cert.
Nothing specific there... Code: Tue Feb 5 09:56:02 CET 2019 setquota: Not setting inode grace time on /dev/vda1 because softlimit is not exceeded. Tue Feb 5 09:56:08 CET 2019 setquota: Not setting block grace time on /dev/vda1 because softlimit is not exceeded. Tue Feb 5 09:56:08 CET 2019 setquota: Not setting inode grace time on /dev/vda1 because softlimit is not exceeded. Tue Feb 5 09:56:19 CET 2019 finished. Tue Feb 5 09:57:01 CET 2019 Tue Feb 5 09:57:01 CET 2019 Tue Feb 5 09:57:01 CET 2019 finished. finished.
You did not enable debugging. See the link that I posted above on how to enable debugging and get debug output.
Not much changed after setted up to debug. setquota: Not setting block grace time on /dev/vda1 because softlimit is not exceeded. setquota: Not setting inode grace time on /dev/vda1 because softlimit is not exceeded. setquota: Not setting block grace time on /dev/vda1 because softlimit is not exceeded. setquota: Not setting inode grace time on /dev/vda1 because softlimit is not exceeded.
Had to delete all files with the domain which were not able to renew Let's Encrypt certificate from /etc/letsencrypt/ and disable and enable ssl in ISPConfig.
