I have a site, let's call it example.com, with an alias domain, let's call it ex.com. I enabled SSL and LE SSL on example.com before I added ex.com as an alias, so the cert was created without the alias in the SAN. I removed SSL from the site and re-added it, but it reused the old cert instead of creating a new one with the added alias domain. How can I fix this and have ISPConfig force LE to regen the cert?
You could delete the old certs before trying to reissue the new certs. On Debian / Ubuntu, to delete them you can run: "rm -rf /etc/letsencrypt/*/example.com*"
That let it regen the cert, but the alias domain still does not work. The SAN name does NOT include the alias.
Try to access your alias domain before requesting the new certs; is it working? Also check the vhost file to see whether the alias domain is already included.
You mean the alias domain using HTTP? Yes, it works with HTTP. With HTTPS, it does not. In my prior post, when I said the alias domain doesn't work, I meant the cert was invalid. The site did come up if I ignored the cert warning; what didn't work was that the alias domain wasn't added to the SAN in the cert.
Anyone know if this is an ISPConfig bug with alias domains and Let's Encrypt, or if I'm doing something wrong?
Check your log files. Use the FAQ as your guide. The LE SSL certs are not updated for reasons that we do not know, as you did not provide detailed info. I personally don't think it is a bug, since others are adding alias domains just fine to their LE SSL certs. The steps for doing it have been discussed many times. Add the alias domain and save, then uncheck the SSL button in the main domain and save, then re-check the LE button in the main domain and save, and wait for LE to process. If it fails, check the LE logs, as they will tell you what you did wrong, not us here, as we do not know what you did and how you did it.
The problem was I had checked in the AliasDomain the box "Don't add to LetsEncrypt Certificate" when I created it because I didn't originally have SSL enabled... So that was the issue DOH! Thank you VERY MUCH!
It is buggy anyway. I can't use Let's Encrypt because I had an example.ddns.com alias before for example.com, but have now deleted it to use Let's Encrypt, yet cert creation always wants to make a cert for the deleted aliases too. I have removed everything from /etc/letsencrypt/*/example.com but nothing happened. Where does this setting come from, and how can I modify ISPConfig's cert creation settings?
"rm -rf /etc/letsencrypt/*/example.com*" Note the star at the end. Your example.ddns.com probably got too many requests and as such failed. Do not use it to apply for Let's Encrypt certs together with any other domains.
Thanks for the quick answer. I will try it again next time, but for now I had to fix some domains ASAP manually. If I run cacert manually with the given domain, that's OK, but in the log the tried domain example.ddns.net still remains after rm -rf /etc/letsencrypt/*/example.com*. Where does ISPConfig look up domain aliases to run cacert? I have removed it from ISPConfig too, of course.
The domains used in an SSL cert are all listed in the domain alias, subdomain or website list in ISPConfig. Ensure that you log in as admin; maybe your current user has no permission to see them.
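
Added example (not part of the thread and not ISPConfig's own code): a shell check for the symptom discussed above, a reissued certificate whose SAN list still lacks the alias. The function names and the sample `openssl x509 -text` excerpt are constructed for illustration; example.com and ex.com are the thread's placeholders.

```shell
#!/bin/sh
# Added example: list expected hostnames that a certificate's SAN does not cover.

# Read `openssl x509 -noout -text` output on stdin; print SAN DNS names, one per line.
san_names() {
    awk '/X509v3 Subject Alternative Name/ { getline; print }' \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# Usage: <openssl text on stdin> | missing_sans NAME...
# Prints each NAME that is absent from the SAN list; returns 1 if any is absent.
# Names are compared literally (case-insensitive); wildcard entries are not expanded.
missing_sans() {
    have=$(san_names)
    rc=0
    for name in "$@"; do
        if ! printf '%s\n' "$have" | grep -qxiF -- "$name"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return "$rc"
}

# Check a PEM certificate on disk: check_cert_file CERT.pem NAME...
check_cert_file() {
    cert=$1
    shift
    openssl x509 -in "$cert" -noout -text | missing_sans "$@"
}

# Constructed sample: excerpt of `openssl x509 -noout -text` output for a cert
# that was issued before the alias ex.com was added to the site.
SAMPLE_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:example.com, DNS:www.example.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment'

# Demo on the constructed sample: prints ex.com, the name the cert does not cover.
printf '%s\n' "$SAMPLE_TEXT" | missing_sans example.com www.example.com ex.com \
    || echo "^ missing from the certificate SAN"
```

On a server, pass the path of the issued certificate followed by the site's domain, aliases and subdomains to `check_cert_file`; any name it prints is one the certificate will not validate for.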