Hello, I have an issue with the Let's Encrypt certificate after migration from a Debian 10 server with ISPconfig3.1x to Debian 10 with ISPconfig 3.2x.
Source server: Debian 10 server with ISPconfig3.1x
Target server: Debian 10 with ISPconfig 3.2x
I have a license of ISPconfig Migration Tool. I installed the migration tool in the source server according to the instructions found at https://www.howtoforge.com/tutorial...-confixx-plesk-to-ispconfig-31-single-server/
After performing the migration, the log showed the following (last lines):
==================
2021-01-21 00:54:03 - [INFO] Found 0 invoice sepa xml export entries.
2021-01-21 00:57:32 - [INFO] Successfully executed command PHP=$(which php) && $PHP -r "print PHP_VERSION;"
2021-01-21 00:57:52 - [INFO] File ~/.my.cnf does not exist.
2021-01-21 00:57:52 - [INFO] File /etc/mysql/debian.cnf exists.
2021-01-21 00:57:52 - [INFO] File /root/migration/v71/my-e3WOwO successfully transferred.
2021-01-21 00:57:53 - [INFO] Successfully executed command mysql -h 'localhost' -u 'root' -p'EnkNAGqB8bzXfQEUkapA' -e "SELECT VERSION();"
2021-01-21 00:57:53 - [INFO] Successfully executed command mysql -h 'localhost' -u 'root' -p'EnkNAGqB8bzXfQEUkapA' -s -e "SELECT @@max_allowed_packet;"
2021-01-21 00:57:53 - [INFO] Config file saved.
2021-01-21 00:57:53 - [INFO] Directory /etc/letsencrypt does not exist.
2021-01-21 00:57:54 - [INFO] Directory /root/.acme.sh exists.
2021-01-21 00:57:54 - [WARN] The target server has a different Let'sEncrypt client than this server. We cannot copy over certificates!
======================
As you can see in the last line, there was an issue with the SSL. The site (email) is working well, except that the web page cannot be shown over the internet because the Let's Encrypt certificate is not present. Upon checking the target server I found that Let's Encrypt was not installed. I installed it by running:
apt-get install certbot
In the target server I see that in /var/www/clients/client1/web2/ssl/ there are three entries or symlinks like this:
root@mail:/var/www/clients/client1/web2/ssl# ls
mysite.com-le.bundle mysite.com-le.crt mysite.com-le.key
My question is: How could I install or reinstall the Let's Encrypt certificate for the site? Any feedback will be appreciated.
Regards, Martin
Perhaps you had acme.sh installed on that new server? How was ISPConfig installed originally? The auto-install script by ISPConfig installs acme.sh. So maybe it was a mistake to install certbot if you now have both acme.sh and certbot.
Hello Taleman, Thank you for your post. In the target server ISPConfig was installed by the ISPConfig install script found at: https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller How could I check if acme.sh is installed? I look forward to any feedback or ideas. Regards, Martin
What shows
Code:
dpkg --list | grep -i acme
and
Code:
# ls -lh /root/.acme*
You could also do this just in case: https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
Hi Taleman, Thank you for your post. Here is the information about acme.
root@mail:~# dpkg --list | grep -i acme
ii python3-acme 0.31.0-2 all ACME protocol library for Python 3
root@mail:~# ls -lh /root/.acme*
total 236K
-rw-r--r-- 1 root root 225 ene 22 11:13 account.conf
-rwxr-xr-x 1 root root 203K ene 20 19:22 acme.sh
-rw-r--r-- 1 root root 78 ene 20 19:22 acme.sh.env
drwxr-xr-x 3 root root 4,0K ene 22 08:51 ca
drwxr-xr-x 2 root root 4,0K ene 20 19:22 deploy
drwxr-xr-x 2 root root 4,0K ene 20 19:22 dnsapi
-rw-r--r-- 1 root root 230 ene 22 11:13 http.header
drwxr-xr-x 3 root root 4,0K ene 22 08:51 mysite.com <=== edited fo
drwxr-xr-x 2 root root 4,0K ene 20 19:22 notify
===========
It seems that acme.sh is installed and also certbot is installed (I installed it manually). Below is the output of the ispconfig test script:
==============
root@mail:~# wget -q -O htf-common-issues.php "http://gitplace.net/pixcept/ispconfig-tools/raw/stable/htf-common-issues.php" && php -q htf-common-issues.php
##### SCRIPT FINISHED #####
Results can be found in htf_report.txt
To view results use your favourite text editor or type 'cat htf_report.txt | more' on the server console.
If you want to see the non-anonymized output start the script with --debug as parameter (php -q htf-common-issues.php --debug).
root@mail:~# cat htf_report.txt | more
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 10 (buster)
[INFO] uptime: 12:44:36 up 1:51, 2 users, load average: 0,00, 0,00, 0,00
[INFO] memory:
total used free shared buff/cache available
Mem: 986Mi 314Mi 124Mi 43Mi 546Mi 486Mi
Swap: 1,0Gi 509Mi 514Mi
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.2.2
##### VERSION CHECK #####
[INFO] php (cli) version is 7.3.26-1+0~20210112.74+debian10~1.gbpd78724
##### PORT CHECK #####
##### MAIL SERVER CHECK #####
##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
Apache 2 (PID 889)
[INFO] I found the following mail server(s):
Postfix (PID 1139)
[INFO] I found the following pop3 server(s):
Dovecot (PID 619)
[INFO] I found the following imap server(s):
Dovecot (PID 619)
[INFO] I found the following ftp server(s):
PureFTP (PID 977)
##### LISTENING PORTS #####
(only () Local (Address)
[anywhere]:143 (619/dovecot)
[anywhere]:465 (1139/master)
[anywhere]:21 (977/pure-ftpd)
***.***.***.***:53 (634/named)
[localhost]:53 (634/named)
[anywhere]:22 (627/sshd)
[anywhere]:25 (1139/master)
[localhost]:953 (634/named)
[anywhere]:4190 (619/dovecot)
[anywhere]:993 (619/dovecot)
[anywhere]:995 (619/dovecot)
[localhost]:11332 (659/rspamd
[localhost]:11333 (659/rspamd
[localhost]:11334 (659/rspamd
[localhost]:10023 (717/postgrey)
[anywhere]:587 (1139/master)
[localhost]:6379 (656/redis-server)
[localhost]:11211 (593/memcached)
[anywhere]:110 (619/dovecot)
[localhost]43 (619/dovecot)
*:*:*:*::*:8080 (889/apache2)
*:*:*:*::*:80 (889/apache2)
*:*:*:*::*:465 (1139/master)
*:*:*:*::*:8081 (889/apache2)
*:*:*:*::*:21 (977/pure-ftpd)
*:*:*:*::*:53 (634/named)
*:*:*:*::*:22 (627/sshd)
*:*:*:*::*:25 (1139/master)
*:*:*:*::*:953 (634/named)
*:*:*:*::*:443 (889/apache2)
*:*:*:*::*:4190 (619/dovecot)
*:*:*:*::*:993 (619/dovecot)
*:*:*:*::*:995 (619/dovecot)
*:*:*:*::*:11332 (659/rspamd
*:*:*:*::*:11333 (659/rspamd
*:*:*:*::*:11334 (659/rspamd
*:*:*:*::*:10023 (717/postgrey)
*:*:*:*::*:3306 (718/mysqld)
*:*:*:*::*:587 (1139/master)
*:*:*:*::*:6379 (656/redis-server)
[localhost]10 (619/dovecot)
##### IPTABLES #####
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25
f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0
Chain f2b-postfix-sasl (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0
root@mail:~#
=========================
Help and assistance will be appreciated.
Regards, Martin
1) Uninstall acme.sh.
2) Check that all old certs are there in /etc/letsencrypt/...
3) Run Tools > resync in ISPConfig on the new server, it should find the existing certs and add them to the websites.
Hi Till, Thank you for your post. The issue has been fixed. This is what I did:
1.- I uninstalled acme.sh
2.- The old certs were not present in the new (target) server. I transferred them from the old server by rsync.
3.- I enabled SSL and Let's Encrypt in Sites ISPconfig....
4.- The page loads fine with SSL
I did not perform - Run Tools > resync in ISPConfig on the new server. Is it still necessary? Thank you for your help and assistance.
Regards, Martin
No. It just would have saved step 3, but only if the SSL and let's encrypt checkboxes were active before.
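The checks this thread went through by hand, as an added example that is not part of any post above: which ACME client state a server holds (the same two directories the migration log tested), whether the `-le` symlinks in a site's ssl directory still resolve after copying certificates over, and whether a certificate and key belong together. The `PREFIX` argument, the function names and the symlink targets in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). PREFIX is a hypothetical argument so the
# checks can run against a copied or constructed tree; use "" on a live server.

# Report which ACME client state exists: certbot, acme.sh, both or none.
detect_le_client() {
    certbot=no; acme=no
    [ -d "$1/etc/letsencrypt" ] && certbot=yes
    [ -d "$1/root/.acme.sh" ] && acme=yes
    case "$certbot:$acme" in
        yes:yes) echo both ;;
        yes:no)  echo certbot ;;
        no:yes)  echo acme.sh ;;
        *)       echo none ;;
    esac
}

# Print every symlink in a site's ssl directory whose target is missing.
dangling_links() {
    for f in "$1"/*; do
        if [ -L "$f" ] && [ ! -e "$f" ]; then echo "$f"; fi
    done
}

# Succeed only if certificate $1 and private key $2 carry the same public key.
# Returns 2 when either file cannot be read (or openssl is unavailable).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed tree resembling the target server right after the migration:
# acme.sh state present, /etc/letsencrypt absent. The link targets below are
# constructed for the demo, not taken from the thread.
demo() {
    t=$(mktemp -d) && ssl="$t/var/www/clients/client1/web2/ssl"
    mkdir -p "$t/root/.acme.sh" "$ssl"
    ln -s "$t/etc/letsencrypt/live/mysite.com/cert.pem" "$ssl/mysite.com-le.crt"
    ln -s "$t/etc/letsencrypt/live/mysite.com/privkey.pem" "$ssl/mysite.com-le.key"
    echo "client state: $(detect_le_client "$t")"
    echo "dangling links:"
    dangling_links "$ssl"
    rm -rf "$t"
}
demo
```

On a live server, `detect_le_client ""` printing `both` corresponds to the mixed state described above, and `key_matches_cert` can be pointed at the site's `.crt` and `.key` once the links resolve.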