LE does not renew on port 8080

Discussion in 'ISPConfig 3 Priority Support' started by atle, Jun 4, 2021.

  1. atle

    atle Member HowtoForge Supporter

    Ok, but the auto installer does the latter, right? And has done it from its (auto installer) release?
    I have only used the auto installer for all the current servers, and I have looked at all of them, and none have symlinks in /usr/local/ispconfig/interface/ssl/.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I suspect the cert is copied with a LE post renewal hook.
     
  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    This is what they should be if you used the auto installer, because it will only install acme.sh, and acme.sh does not symlink but installs (copies) the LE certs obtained to that folder.

    But then the certs should renew fine.

    In your case the LE certs in ISPConfig folder were symlinked (like you were using certbot or did it manually) which should not be if you install clean using the auto installer.

    Hence your problem with auto renewal.

    This is not true and no is the answer for both. Your problem is the latter, as I mentioned above, and must be fixed accordingly.
     
    Last edited: Jun 6, 2021
  4. atle

    atle Member HowtoForge Supporter

    What I can find when I search the code is that the hook creates the .pem file from the .crt and .key files. I can't however find out how the .crt and .key files are created and renewed. That is the mystery for me now. If they are supposed to be symlinks, I understand, but if they are not, I don't understand.
    Edit: From https://www.howtoforge.com/communit...encrypt-certificate-when-using-acme-sh.86950/ I understand the files (.crt and .key) are created from the install script, but how are they renewed if they are not symlinks? The hook does not do it, as far as I can understand it.
     
    Last edited: Jun 6, 2021
  5. atle

    atle Member HowtoForge Supporter

    Well, they were not :)
     
  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Well, I guess I missed reading a post or two. So your problem is due to creating the website using the server FQDN, thus forcing acme.sh to switch to installing a copy of the certs to your website instead of the ISPConfig ssl folder, which was set earlier.

    Which is what I do not like about the acme.sh approach taken when the new installer is configured: it installs (copies) LE certs instead of symlinking them like we do using certbot.

    At this stage I cannot properly analyze the result if you choose to follow @till's solution of symlinking the same, because the catch is the way we designed the installer with automatic update of ispserver.pem.

    I am sorry for the misunderstanding but I think this issue should be best reported, tracked and resolved in git.
     
  7. 30uke

    30uke Active Member HowtoForge Supporter

    I did run into the same problem. I did this...
    Code:
    cp /usr/local/ispconfig/interface/ssl/ispserver.key /usr/local/ispconfig/interface/ssl/ispserver.key.org
    rm /usr/local/ispconfig/interface/ssl/ispserver.key
    ln -s  /root/.acme.sh/vps2.oke-it-services.nl/vps2.oke-it-services.nl.key /usr/local/ispconfig/interface/ssl/ispserver.key
    
    cp /usr/local/ispconfig/interface/ssl/ispserver.crt /usr/local/ispconfig/interface/ssl/ispserver.crt.org
    rm /usr/local/ispconfig/interface/ssl/ispserver.crt
    ln -s  /root/.acme.sh/vps2.oke-it-services.nl/fullchain.cer /usr/local/ispconfig/interface/ssl/ispserver.crt
    
    Edit 1: This is on Debian 10.9 and ISPConfig 3.2.4.
    Edit 2: I did restart apache2, dovecot + postfix afterwards.
     
    Last edited: Jul 14, 2021
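
Added example, not part of any post in this thread and not ISPConfig or acme.sh code: a shell check for the copy-versus-symlink question discussed above, reporting whether an installed certificate file is a symlink to the file the ACME client renews or a copy that no longer matches it. The function names cert_link_state and demo_renewal are hypothetical, and the demo runs on constructed files in a temporary directory.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed demo data).

# cert_link_state INSTALLED SOURCE
# Prints one of: missing, symlink-ok, symlink-other, copy-current, copy-stale
cert_link_state() {
    installed=$1
    source_file=$2
    # -e follows symlinks, so a dangling symlink also counts as missing
    if [ ! -e "$installed" ] || [ ! -e "$source_file" ]; then
        echo missing
        return 0
    fi
    if [ -L "$installed" ]; then
        # Compare fully resolved paths so relative links are handled
        if [ "$(readlink -f "$installed")" = "$(readlink -f "$source_file")" ]; then
            echo symlink-ok
        else
            echo symlink-other
        fi
        return 0
    fi
    # Regular file: identical bytes mean the copy is current; any
    # difference is reported as stale (content differs from the source)
    if cmp -s "$installed" "$source_file"; then
        echo copy-current
    else
        echo copy-stale
    fi
}

# Constructed demo: simulate a renewal overwriting the source file while
# the installed copy stays behind, then replace the copy with a symlink.
demo_renewal() {
    d=$(mktemp -d) || return 1
    printf 'constructed cert v1\n' > "$d/fullchain.cer"
    cp "$d/fullchain.cer" "$d/ispserver.crt"
    before=$(cert_link_state "$d/ispserver.crt" "$d/fullchain.cer")
    printf 'constructed cert v2\n' > "$d/fullchain.cer"   # the "renewal"
    after=$(cert_link_state "$d/ispserver.crt" "$d/fullchain.cer")
    rm "$d/ispserver.crt"
    ln -s "$d/fullchain.cer" "$d/ispserver.crt"
    linked=$(cert_link_state "$d/ispserver.crt" "$d/fullchain.cer")
    rm -rf "$d"
    echo "$before $after $linked"
}

demo_renewal
```

On a server, cert_link_state would be called with the ispserver.crt path and the acme.sh fullchain.cer path from the post above; a copy-stale result after a renewal date means the installed file was not refreshed.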
