lets encrypt full chain not generated

Title should be Lets Encrypt Full Chain Not Installed.
IspConfig is AMAZING. Thank you for your work.
On some of my sites on one server, the LE full chain files are not being installed, giving SSL errors. The certs are fine, just the full chain file is not added in.

I ran ispconfig_update.sh --force and Resync but the ones with missing full chain certs were not updated. The log files looked fine.

I unchecked the SSL and Lets Encrypt for the certs from the sites I knew about and then rechecked them and they were installed properly.
Is there any way to force all of the sites on a server to be renewed other than going through them one by one?

I really appreciate your help.

Richard Bartz

 

Thank you Till.
Resync did update a few of them when I ran it after forced update. I am not sure why the full chain certs were not installed on this server. I will watch the acme.log to make sure it is installing properly in the future.
Richard

 

In my mind, full chain installed just means it is copied to the website SSL folder from acme.sh folder, just like other LE certs, key or chain. Resync also effects all websites, based on vhost master in conf or conf-custom, if the later is available. However, your problem seems random, and affecting some, but not all, so I think, some of them may be active and some are not, because both only affect web sites that are active. Just a guess of what may be happening, and may be, gives some ideas on trouble shooting the problem.

 

Thank you Ahrasis.

There were several sites that were moved to this particular server same time ago that did not copy the full chain over when LE certs were automatically renewed recently. I have no idea why, the full chain cert was fine on other sites. When I turned LE and SSL off and then reset it on those sites, the full chain files were copied and the intermediate chain errors are resolved. Other sites that renewed not long ago were not affected.

Richard