Let's Encrypt woes!

Discussion in 'ISPConfig 3 Priority Support' started by craig baker, Nov 8, 2021.

  1. till

    till Super Moderator Staff Member ISPConfig Developer

    And which ISPConfig version do you use? I just ran the /usr/local/ispconfig/server/scripts/letsencrypt_renew_hook.sh script here on a Debian 10 system and it works without errors.
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Looks like a syntax error in that script; edit /usr/local/bin/letsencrypt_renew_hook.sh and change those lines from square brackets [] to parentheses () and try again, e.g.
    Code:
            if [ rpm -q pure-ftpd ]; then service pure-ftpd restart; fi
    becomes
    Code:
            if ( rpm -q pure-ftpd ); then service pure-ftpd restart; fi
     
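    Why the bracket form in the hook can never take the `then` branch, and what the exit-status form does instead, as an added example that is not part of the hook script or of this thread. `fake_rpm` and the `INSTALLED` list are constructed stand-ins for `rpm -q <pkg>` so the script runs on a host without rpm; `services_to_restart` prints the service names instead of calling `service ... restart`.

```shell
#!/bin/sh
# Added example (not ISPConfig's letsencrypt_renew_hook.sh): the difference
# between `if [ rpm -q pkg ]` and `if rpm -q pkg`.
# fake_rpm is a constructed stand-in for `rpm -q <pkg>`; INSTALLED is the
# constructed package list it answers from.
INSTALLED="pure-ftpd postfix dovecot"

fake_rpm() {
    # Mimic `rpm -q <pkg>`: exit 0 if installed, 1 if not, 2 on bad usage.
    [ "$1" = "-q" ] || return 2
    for p in $INSTALLED; do
        [ "$p" = "$2" ] && return 0
    done
    return 1
}

# Broken form from the original hook. `[` is the test builtin, so
# "fake_rpm -q pure-ftpd" are three operands handed to test, not a command
# that gets run. test rejects "-q" as a binary operator and exits 2, so the
# `then` branch is never taken whether or not the package is installed.
broken_check() {
    [ fake_rpm -q "$1" ] 2>/dev/null
}

# Fixed form: run the command and let `if` branch on its exit status.
# "( rpm -q pkg )" from the reply above does the same inside a subshell;
# the parentheses are not needed, the bare command is the usual idiom.
fixed_check() {
    fake_rpm -q "$1" >/dev/null 2>&1
}

# What the hook is trying to do: act only on daemons whose package is
# present. Prints one service name per line instead of restarting it.
services_to_restart() {
    for svc in pure-ftpd dovecot vsftpd; do
        if fixed_check "$svc"; then
            echo "$svc"
        fi
    done
}

# Stand-alone demo
fixed_check pure-ftpd && echo "pure-ftpd installed: would restart"
broken_check pure-ftpd || echo "broken form exited $? although pure-ftpd is installed"
services_to_restart
```

    Run it under sh or bash; the broken form reports a test usage error (exit 2) even for an installed package, the fixed form returns 0 for pure-ftpd and dovecot and 1 for vsftpd, which is exactly the behaviour the restart hook needs.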
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Just noting that the installer will create a temporary symlink like this, which is removed and set to
    /usr/local/ispconfig/server/scripts/letsencrypt_renew_hook.sh later on; it would seem the installation got interrupted and did not complete correctly at some point.
     
  4. craig baker

    craig baker Member HowtoForge Supporter

    CentOS 8

    Maybe slightly related: anyone know CentOS 8 well enough to know if a PHP upgrade from 5.6 to 7.4 is safe? Or might it break something?
     
  5. craig baker

    craig baker Member HowtoForge Supporter

    Well, I still have no clue WHERE things are failing or where I need to look!
    Read the FAQ.
    1) Upgraded ISPConfig to current, and picked reconfigure services.
    2) Server migration NOT checked.
    3) Not behind NAT.
    4) olsheskydesign.com is hosted, and loads fine.
    5) Skip letsencrypt NOT checked under server/web/ssl.
    When I tick and save the SSL and Letsencrypt boxes (a few minutes ago), the log at /root/.acme.sh contains:
    --snip--
    [Sun Nov 21 00:16:02 EST 2021] ===End cron===
    [Sun Nov 21 14:52:13 EST 2021] Running cmd: upgrade
    [Sun Nov 21 14:52:13 EST 2021] Using config home:/root/.acme.sh
    [Sun Nov 21 14:52:13 EST 2021] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
    [Sun Nov 21 14:52:13 EST 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Sun Nov 21 14:52:13 EST 2021] Retrying GET
    [Sun Nov 21 14:52:13 EST 2021] GET
    [Sun Nov 21 14:52:13 EST 2021] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
    [Sun Nov 21 14:52:13 EST 2021] timeout=
    [Sun Nov 21 14:52:13 EST 2021] displayError='1'
    [Sun Nov 21 14:52:13 EST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
    [Sun Nov 21 14:52:13 EST 2021] ret='0'
    [Sun Nov 21 14:52:13 EST 2021] _hcode='0'
    [Sun Nov 21 14:52:13 EST 2021] Already uptodate!
    [Sun Nov 21 14:52:13 EST 2021] Upgrade success!
    [Sun Nov 21 14:52:13 EST 2021] Running cmd: setdefaultca
    [Sun Nov 21 14:52:13 EST 2021] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
    --snip--
    And no SSL certs are created. In the /root/.acme.sh folder:
    --snip--
    drwx------ 7 root root 245 Nov 20 00:16 .
    dr-xr-x---. 10 root root 4096 Nov 19 10:53 ..
    -rw-r--r-- 1 root root 291 Nov 21 14:52 account.conf
    -rwxr-xr-x 1 root root 209862 Nov 20 00:16 acme.sh
    -rw-r--r-- 1 root root 78 Apr 18 2021 acme.sh.csh
    -rw-r--r-- 1 root root 78 Apr 18 2021 acme.sh.env
    -rw-r--r-- 1 root root 71221 Nov 21 14:52 acme.sh.log
    drwxr-xr-x 3 root root 50 Apr 18 2021 ca
    drwxr-xr-x 2 root root 4096 Nov 20 00:16 deploy
    drwxr-xr-x 2 root root 4096 Nov 20 00:16 dnsapi
    -rw-r--r-- 1 root root 1227 Nov 21 14:52 http.header
    drwxr-xr-x 2 root root 4096 Nov 20 00:16 notify
    drwxr-xr-x 2 root root 239 Nov 19 08:05 ns2.odesigngroup.com
    [root@ns2 .acme.sh]#
    --snip--
    ns2.odesigngroup.com is a website hosted here. odesigngroup.com itself is hosted elsewhere.
    Is that a problem? We do NOT have a website odesigngroup.com or www.odesigngroup on the server.
    I did create ns2.odesigngroup.com as a vhost and that's what I've been ticking and trying to invoke SSL on.
    ns2.odesigngroup.com is also our hostname.
    Now the website olsheskydesign.com is present, working and hosted on this server. It's what I ticked SSL & LETSENCRYPT on and saved.
    Now ISPConfig does not have a good cert itself.
    But the above does not indicate it even tried to create anything for olsheskydesign, or for ISPConfig.
    Hmm, where do I look now? Looks like the only thing left is to turn on ISPConfig debugging. How would that help?

    Also, when I tick SSL and LETSENCRYPT, what's run as a cron job? Has it got its own log? Or is it just running /root/.acme.sh?

    Inquiring minds want to understand!
    cdb.
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    If you followed the FAQ you would have run the server.sh script in debug mode and shared the output. So please do.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The hostname should not be created as a website.

    That's probably caused by the website of the hostname that you created. acme.sh is able to have only one target for an SSL cert. By creating that site, you disconnected the cert from ISPConfig and told acme.sh to only update the cert in that site in future and let the cert in ISPConfig, postfix, dovecot and pure-ftpd expire. So the first step is that you delete that website with the name of the server hostname. Then you might have to remove the SSL cert for the hostname using the "acme.sh --remove" command, and then run an ISPConfig update with reconfigure services and let ISPConfig create a new SSL cert during the update.

    That's what you see when you turn on debugging.
     
  8. craig baker

    craig baker Member HowtoForge Supporter

    Letsencrypt problem popped up again on the main server (where things seemed fixed before!!)

    I got the 'letsencrypt failed' email for mazdaworld.net.
    Checked the logs and found:
    2021-12-19 03:04:30,988:WARNING:certbot._internal.renewal:Attempting to renew cert (mazdaworld.net) from /etc/letsencrypt/renewal/mazdaworld.net.conf produced an unexpected error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/cc8c0d2896e324963a8806c0805adc9d does not exist. Skipping.

    In fact the directory /acme-v01.api.letsencrypt.org/directory/cc8c0d..etc does not exist.
    Another folder is in that directory: 6476580782071d4d31e788842978bc53

    Now, disabling the site and re-enabling DOES work; it gets a new cert.
    But any idea why the folder under /acme-v01.api.letsencrypt.org/directory would change? And when it does change, does ISPConfig not realize it's changed and try renewing based on the old account folder?

    Very odd!
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    The folder does not change, and SSL cert renewal is done by certbot, not ISPConfig, so ISPConfig does not even need to know which certbot account is used. You probably removed a duplicate account before and the certbot renewal config still contained the old account; it got fixed by letting ISPConfig reissue a new cert based on the current account.
     
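    A way to spot the condition behind the "Account at ... does not exist. Skipping." warning before the renewal cron reports it, as an added example that is not part of the thread and not certbot's own tooling. It assumes certbot's usual layout, which matches the paths quoted in the post above: each renewal config under <base>/renewal/<domain>.conf carries an `account = <id>` and a `server = <URL>` line, and the account lives at <base>/accounts/<server host>/<server path>/<id>/. The fixture tree built by `make_fixture` is constructed for the demo and reuses the two account ids from the post; on a real host you would pass /etc/letsencrypt as the base.

```shell
#!/bin/sh
# Added example: list certbot renewal configs whose "account" points at an
# account directory that no longer exists (the cause of the warning quoted
# in the post above). Not part of certbot or ISPConfig.
# Assumed layout:
#   <base>/renewal/<domain>.conf   containing  account = <id>  and  server = <URL>
#   <base>/accounts/<server host>/<server path>/<id>/

account_dir_for() {
    # $1 = renewal conf, $2 = certbot base dir (normally /etc/letsencrypt)
    account=$(sed -n 's/^account *= *//p' "$1")
    server=$(sed -n 's/^server *= *//p' "$1")
    rest=${server#*://}              # strip the scheme: host/directory
    echo "$2/accounts/$rest/$account"
}

check_renewal_account() {
    # exit 0 if the account directory referenced by the conf exists
    [ -d "$(account_dir_for "$1" "$2")" ]
}

find_stale_renewals() {
    # print the file name of every renewal conf whose account dir is missing
    for conf in "$1"/renewal/*.conf; do
        [ -f "$conf" ] || continue
        check_renewal_account "$conf" "$1" || basename "$conf"
    done
}

make_fixture() {
    # Constructed fixture: one surviving account, one renewal conf that
    # still references an account that was removed. Prints the base dir.
    base=$(mktemp -d)
    mkdir -p "$base/renewal" \
             "$base/accounts/acme-v01.api.letsencrypt.org/directory/6476580782071d4d31e788842978bc53"
    printf '[renewalparams]\naccount = 6476580782071d4d31e788842978bc53\nserver = https://acme-v01.api.letsencrypt.org/directory\n' \
        > "$base/renewal/good.example.conf"
    printf '[renewalparams]\naccount = cc8c0d2896e324963a8806c0805adc9d\nserver = https://acme-v01.api.letsencrypt.org/directory\n' \
        > "$base/renewal/stale.example.conf"
    echo "$base"
}

# Stand-alone demo: prints stale.example.conf
base=$(make_fixture)
find_stale_renewals "$base"
rm -rf "$base"
```

    Anything this prints is a domain whose next automatic renewal will be skipped; the fix on the page (disable and re-enable the site so ISPConfig issues a fresh cert, which rewrites the renewal conf against the current account) is what resolves it.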
