Hi. Creating Lets Encrypt works for new domains. When testing on an old domain with previous selfsigned cert we get two emails with errorcode: 1. 15.11.2016-15:59 - WARNING - Falsche Anfrage / Wrong QuerySQL-Query = UPDATE web_domain SET `ssl` = 'n', `ssl_letsencrypt` = 'n' WHERE `domain` = 'xxxxx.xx' -> 1143 (UPDATE command denied to user 'ispcsrv16'@'multiserver.hidden' for column 'ssl' in table 'web_domain') 2. 15.11.2016-15:59 - WARNING - Let's Encrypt SSL Cert for: xxxxx.xx could not be issued. Both emails is sent by the node, not master. The ispcsrv16 user exists only on master. No certificate is created in the /ssl nor in /etc/letsencrypt/live/. This is a multiserver with 3.1.1p1 latest + Debian Jessie. Anyone has a clue on how to fix this ?
Maybe yiu did not chose "reconfigure permissions in master database" while updating the slaves to ispconfig 3.1? Run an ispconfig update on a slave again and select this option during update, it should fix the issue for all servers.
Actually i did once. Now i did rerun update and the first error email is gone, strange. Found the problem in debug log now, the domain had two domainalias, that was not setup correctly in DNS (due to testing). I never thought that Letsencrypt also tried to create cert also for aliases. Case closed.
Actually, the DNS was set correctly, i guess that Letsencrypt failed when it tried to register extra domainname. Then i added the alias, deactivated LetsEnct, activated LetsEncypt, it still worked. (firefox warns some of the alias ofc). So this need some more testing to be sure on how it works.
ispconfig adds all alias and subdomains to an SSL cert that exist for this website when you activate letsencrypt.
Regarding the "Reconfigure Permissions", it looks like it MUST be run on every server in multiserver in upgraded 3.1.1 (just for the record incase other people looks here). In 3.0.5 the instructions was to run it once in multiserver setup on one slave. I guess it cant hurt to run it everytime just to be sure (if there is some new columns).
Running it on one server should fix all servers (at least this was the case in 3.0.5. and I'm not aware that this code has been changed), but it does not hurt to run it on each server to be sure.
I have lots of diffrent warnings from all our servers like this, so after reconfigure permissions, they wont come back: WARNING - Falsche Anfrage / Wrong QuerySQL-Query = DELETE FROM mail_backup WHERE server_id = 19 AND parent_domain_id = 'xxx' AND mailuser_id = 'xxx' -> 1142 (DELETE command denied to user 'ispcsrv19'@'xxx' for table 'mail_backup')