Let's Encrypt, files and links not created

Discussion in 'ISPConfig 3 Priority Support' started by Taleman, Apr 21, 2018.

  1. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    ISPConfig 3.11, Debian GNU/Linux 9.4 Stretch. Multiserver setup.
    I had Let's Encrypt working on a site, but for errors not related to Let's Encrypt itself things got muddy, and I turned off LE for that site while figuring out what is going on.
    Now those other things are fixed. But LE is not able to set up the certificate now. I have tried several times. In Debug mode starting server.sh from command line I get:
    Code:
    21.04.2018-09:40 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    21.04.2018-09:40 - DEBUG - Found 1 changes, starting update process.
    21.04.2018-09:40 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    21.04.2018-09:40 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    21.04.2018-09:40 - DEBUG - Verified domain mydomain.tld should be reachable for letsencrypt.
    21.04.2018-09:40 - DEBUG - Verified domain www.mydomain.tld should be reachable for letsencrypt.
    21.04.2018-09:40 - DEBUG - Create Let's Encrypt SSL Cert for: mydomain.tld
    21.04.2018-09:40 - DEBUG - Let's Encrypt SSL Cert domains:  --domains mydomain.tld --domains www.mydomain.tld
    21.04.2018-09:40 - DEBUG - exec: /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected]  --domains mydomain.tld --domains www.mydomain.tld --webroot-path /usr/local/ispconfig/interface/acme
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Cert not yet due for renewal
    Keeping the existing certificate
    21.04.2018-09:40 - DEBUG - Let's Encrypt Cert config path is: /etc/letsencrypt/renewal/mydomain.tld.conf.
    21.04.2018-09:40 - DEBUG - Let's Encrypt Cert file: /etc/letsencrypt/live/mydomain.tld/fullchain.pem exists.
    21.04.2018-09:40 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web146/.php-fcgi-starter
    21.04.2018-09:40 - DEBUG - Enable SSL for: mydomain.tld
    21.04.2018-09:40 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/mydomain.tld.vhost
    21.04.2018-09:40 - DEBUG - Apache status is: running
    21.04.2018-09:40 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    21.04.2018-09:40 - DEBUG - Restarting httpd: systemctl restart apache2.service
    21.04.2018-09:40 - DEBUG - Apache restart return value is: 0
    21.04.2018-09:40 - DEBUG - Apache online status after restart is: running
    21.04.2018-09:40 - DEBUG - Processed datalog_id 7417
    21.04.2018-09:40 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished.
    I tried removing all traces of the previous certificate; maybe I missed some, since ISPConfig detects "fullchain.pem exists".
    Despite the debug claiming "Writing the vhost file: /etc/apache2/sites-available/mydomain.tld.vhost", the time stamp on that file was not changed and it did not have the "<VirtualHost *:443>" part. I noticed the file has half the size of vhosts that did have a working LE certificate. I copied the stuff from another vhost and edited it to match this site, but still no luck.
    I noticed the ssl/ directory for this site was empty; I had emptied it myself, so now I created the symlinks there.
    The site still does not work with HTTPS; the browser says "connection is not secure" and asks for a security exception. The details reveal the site is using an invalid security certificate, and indeed it is for another site. That other site is the default server for *:443, shown with apachectl -S.

    I do not know how to fix that, ran out of ideas so I'll ask here.

    Should I start from a clean slate and remove all traces of the existing certificate for this site? What all do I need to remove?
     
    Last edited: Apr 21, 2018
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Got it working. Finally found the typo I made. I had stared at it for ages until I finally saw it.
     
    till likes this.
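
The symptom in the first post (the browser receives another site's certificate because that site is the default server for *:443) can be confirmed from `apachectl -S` output. The following is an added example, not part of the thread and not ISPConfig code: it parses the name-based listener blocks of a constructed sample and reports whether a hostname has its own vhost on a listener or falls through to the default; `othersite.tld` and the file paths in the sample are made up.

```python
import re

# Constructed sample of `apachectl -S` output (hostnames and paths are made up).
SAMPLE = """\
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server othersite.tld (/etc/apache2/sites-enabled/100-othersite.tld.vhost:75)
         port 443 namevhost othersite.tld (/etc/apache2/sites-enabled/100-othersite.tld.vhost:75)
                 alias www.othersite.tld
*:80                   is a NameVirtualHost
         default server othersite.tld (/etc/apache2/sites-enabled/100-othersite.tld.vhost:7)
         port 80 namevhost othersite.tld (/etc/apache2/sites-enabled/100-othersite.tld.vhost:7)
                 alias www.othersite.tld
         port 80 namevhost mydomain.tld (/etc/apache2/sites-enabled/100-mydomain.tld.vhost:7)
                 alias www.mydomain.tld
"""

LISTENER = re.compile(r"(\S+:\d+)\s+is a NameVirtualHost$")
DEFAULT = re.compile(r"default server (\S+) ")
NAMEVHOST = re.compile(r"port \d+ namevhost (\S+) \((.+)\)$")
ALIAS = re.compile(r"alias (\S+)$")  # exact aliases only; "wild alias" lines are skipped

def parse_vhosts(text):
    """Return {listener: {"default": name, "names": {hostname: "file:line"}}}."""
    table, listener, location = {}, None, None
    for line in text.splitlines():
        s = line.strip()
        if m := LISTENER.match(s):
            listener, location = m.group(1), None
            table[listener] = {"default": None, "names": {}}
        elif listener is None:
            continue
        elif m := DEFAULT.match(s):
            table[listener]["default"] = m.group(1)
        elif m := NAMEVHOST.match(s):
            location = m.group(2)
            table[listener]["names"][m.group(1).lower()] = location
        elif (m := ALIAS.match(s)) and location:
            table[listener]["names"][m.group(1).lower()] = location
    return table

def who_answers(table, listener, hostname):
    """("matched", "file:line") if the name has a vhost, else ("default", server)."""
    entry = table[listener]
    location = entry["names"].get(hostname.lower())
    if location:
        return ("matched", location)
    return ("default", entry["default"])
```

A `("default", ...)` result for the `*:443` listener means Apache has no port 443 vhost for that name, so it serves the default server's certificate regardless of what exists under /etc/letsencrypt/live/.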
