Running ispconfig_update.sh --force shows Code: Configuring Ubuntu Firewall Configuring Database Updating ISPConfig Certificate exists. Not creating a new one. Reconfigure Crontab? (yes,no) [yes]: The existing certificate is self-signed created when I installed host. Now I need to get LE certificate. This is an e-mail host, I need cert for postfix and dovecot. Why on this host I am not asked Code: Create new ISPConfig SSL certificate (yes,no) [no]:
I did run it twice. Trying third time now. ... Same thing. Is it because this e-mail server host is not a web server host? Code: Starting incremental database update. Loading SQL patch file: /tmp/update_runner.sh.kIUHrMsZYu/install/sql/incremental/upd_dev_collection.sql Reconfigure Permissions in master database? (yes,no) [no]: yes Service 'web_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]: WARNING: If ISPConfig-Interface (Webfrontend) is installed on this Server we will configure the Web Server anyways but will not enable it in ISPConfig. Service 'db_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]: Reconfigure Services? (yes,no,selected) [yes]: Configuring Postfix Configuring Dovecot Configuring Spamassassin Configuring Rspamd Configuring Getmail Configuring Ubuntu Firewall Configuring Database Updating ISPConfig Certificate exists. Not creating a new one. Reconfigure Crontab? (yes,no) [yes]:
No, it states "Certificate exists. Not creating a new one." If you delete the cert from the /usr/local/ispconfig/interface/ssl folder, it should work, but Apache might not be able to restart. Just for sure, comment out the ssl lines from the ispconfig and apps vhost and then do the forced update.
Now I got the certificate go create. I can not get certicate to show. Testing with sshshopper.com says No SSL certificate were found. I tested with telnet to port 443 I could get to the host. This host is e-mail server only, no websites so I can not create website in ISPconfig and make LE certificate for that. But the FQDN is the hostname I want to use for mailname.
ssl-tools.net/mails shows valid certificate. The ispconfig_update.sh looks like does not set up sertificates for other services to use, when run on separate email server.
New fix should allow overriding self-signed certs but I forgot whether that was finished and merged, or not yet. As far as I remember, the previous 3.2 code allows creating ssl for non-web server, for all supported services, I am not sure why it did not work on yours. It does need to temporarily open port 80 though, but you don't to do anything as the installer / updater will do that for you, supposedly. Any logs?
I think I have now working certificates for postfix and dovecot. Remains Roundcube, it is installed on the e-mail server host. Browser shows no certificate for URL/webmail.
Got it working. Noticed default-ssl was not enabled, Code: a2ensite default-ssl Then redirect http to https for the servername, found instructions using Internet Search Engines Code: force http to https apache ssl_default Now the migrated system seems to work fully, and better than before. Thanks ISPConfig project, Migration tool and forum members. Debian 10 Buster and ISPConfig 3.2.2.
Glad you resolved it By the way, another option for creating the certs is https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/ - I like to split out the hostnames for smtp and imap, and in that case, this way is necessary.
Does that method work if e-mail server does not have websites on the server? I understand it would work for server that is both e-mail and web server. It may not be big deal to enable websites in ISPConfig on the e-mail server, biggest drawback is then I must remember to check on which server new website is created.
You have to enable the web service, but you can set a default webserver to prevent creating a website on the wrong server.