Hi Guys, i am using ubuntu 20.04 and the newest ispconfig 3 the perfect server automatic installation. Thom said in another thread that my LE certificate expires, it should renovate automatically ( 10 days ago ) but it doesnt so something is wrong with the server. How can i check if a LE Cert expires? If there is no automatically renew of the certificate how should i proceed? In ispconfig uncheck the box LE Cert? and then set it again? or what should be the correct way to do it? thanks a lot for your kind help you guys are doing a really good work here
Hi there, i dont know that, its a mail server mx1.cl-i.net and thom told me the certificate is about to expire in this thread: Thom: Seems like there is a valid SSL cert for mx1.cl-i.net for the SMTP and IMAP ports. Be aware that the cert will expire in 20 days, it should be automatically renewed 10 days ago, so something is going wrong.
There is no certificate info in that other thread, so that would have been determined from your public services, eg. a quick check of mx1.cl-i.net smtp port shows: Code: Validity Not Before: Mar 6 14:10:13 2022 GMT Not After : Jun 4 14:10:12 2022 GMT Subject: CN = mx1.cl-i.net Was this certificate setup by the installer for the server's hostname? Have you created a website with that same name? You should be able to check the letsencrypt log to see why renewal is failing (cf. the letsencrypt error faq post for troubleshooting info).
Hi there, thanks for your answer. this certificate was setup by the installer for the servers hostname yes. there is a website mx1.cl-i.net but i am not sure it is created by the installer, i think i did not create the website. here is the logfile maybe you can see somthing: Code: tomdf@mx1:~$ cat /var/log/ispconfig/acme.log [Tue 17 May 2022 12:22:02 AM CEST] Running cmd: cron [Tue 17 May 2022 12:22:02 AM CEST] Using config home:/root/.acme.sh [Tue 17 May 2022 12:22:02 AM CEST] default_acme_server='https://acme-v02.api.letsencrypt.org/directory' [Tue 17 May 2022 12:22:02 AM CEST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Tue 17 May 2022 12:22:02 AM CEST] ===Starting cron=== [Tue 17 May 2022 12:22:02 AM CEST] Using config home:/root/.acme.sh [Tue 17 May 2022 12:22:02 AM CEST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Tue 17 May 2022 12:22:02 AM CEST] GET [Tue 17 May 2022 12:22:02 AM CEST] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master' [Tue 17 May 2022 12:22:02 AM CEST] timeout= [Tue 17 May 2022 12:22:02 AM CEST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ' [Tue 17 May 2022 12:22:02 AM CEST] ret='0' [Tue 17 May 2022 12:22:02 AM CEST] Already uptodate! [Tue 17 May 2022 12:22:02 AM CEST] Upgrade success! [Tue 17 May 2022 12:22:02 AM CEST] Using config home:/root/.acme.sh [Tue 17 May 2022 12:22:02 AM CEST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Tue 17 May 2022 12:22:02 AM CEST] Auto upgraded to: 3.0.5 [Tue 17 May 2022 12:22:02 AM CEST] Using config home:/root/.acme.sh [Tue 17 May 2022 12:22:02 AM CEST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Tue 17 May 2022 12:22:02 AM CEST] _stopRenewOnError [Tue 17 May 2022 12:22:02 AM CEST] _server [Tue 17 May 2022 12:22:02 AM CEST] _set_level='2' [Tue 17 May 2022 12:22:02 AM CEST] di='/root/.acme.sh/mx1.cl-i.net/' [Tue 17 May 2022 12:22:02 AM CEST] d='mx1.cl-i.net' [Tue 17 May 2022 12:22:02 AM CEST] _renewServer [Tue 17 May 2022 12:22:02 AM CEST] Using config home:/root/.acme.sh [Tue 17 May 2022 12:22:02 AM CEST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Tue 17 May 2022 12:22:02 AM CEST] DOMAIN_PATH='/root/.acme.sh/mx1.cl-i.net' [Tue 17 May 2022 12:22:02 AM CEST] Renew: 'mx1.cl-i.net' [Tue 17 May 2022 12:22:02 AM CEST] Le_API='https://acme-v02.api.letsencrypt.org/directory' [Tue 17 May 2022 12:22:02 AM CEST] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory [Tue 17 May 2022 12:22:02 AM CEST] Using config home:/root/.acme.sh [Tue 17 May 2022 12:22:02 AM CEST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Tue 17 May 2022 12:22:02 AM CEST] Skip, Next renewal time is: 2022-07-03T22:22:13Z [Tue 17 May 2022 12:22:02 AM CEST] Add '--force' to force to renew. [Tue 17 May 2022 12:22:02 AM CEST] Return code: 2 [Tue 17 May 2022 12:22:02 AM CEST] Skipped mx1.cl-i.net [Tue 17 May 2022 12:22:03 AM CEST] _error_level='3' [Tue 17 May 2022 12:22:03 AM CEST] _set_level='2' [Tue 17 May 2022 12:22:03 AM CEST] ===End cron=== tomdf@mx1:~$ thanks a lot for your kind help
The installer does not create a site for the hostname, so you must have created it manually. The problem with having such a site is that SSL cert renewals for the ISPConfig UI and mail and FTP will not work properly anymore acme.sh can't copy the certs to the ISPConfig SSL folder anymore. So you have a valid and renewd SSL cert at the moment, but it's in the wrong folder (the SSL folder of that website) and not the ISPConfig SSL folder /usr/local/ispconfig/interface/ssl/ One solution for your problem is that you replace the SSL cert, key and bundle file in the ISPConfig SSL folder with a symlink to the files in the website SSL folder.
thanks a lot for your reply. how can i do the symlink to replace the files ? i used this installer of ispconfig: https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/ For future installations should i not create a website in ispconfig like server1.mydomain.com? what would be a better way to avoid these problems? thanks a lot
