Hmmmm, that should be changed IMHO. Can you open an issue at https://git.ispconfig.org/ispconfig/ispconfig3/issues ?
So my strategy for now is:
1. Set all sites to non-SSL in ISPConfig.
2. Delete all directories in ../live ../archive ../renewal in /etc/letsencrypt.
3. Delete all symlinks in /var/www/*/ssl
4. Set all sites to SSL in ISPConfig.
Is that the proper way to reset the mechanism and set new certificates? Or must I change entries in the ISPConfig database?
Edit: it should not be necessary to set all sites to non-SSL. I can skip points 1 and 4 and only resync the ISPConfig website data after point 3.
The LE certs point to the live folder and not the archive folder; take a look at the source code (from the current ISPConfig git stable release):
Code:
    $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
    $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
    $bundle_tmp_file = "/etc/letsencrypt/live/".$domain."/chain.pem";
    $webroot = $data['new']['document_root']."/web";
Maybe your system is not up to date, or you use a 3rd party LE implementation and not the original code from ISPConfig?
You can find it in the apache2 plugin in /usr/local/ispconfig/server/plugins-available/ and some similar code in the nginx plugin as well.
That's weird. ISPConfig is 3.1.1p and the letsencrypt installation is from a "how to perfect server" tutorial. Installed is certbot-auto in /opt/certbot. The code is similar to yours:
Code:
    $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
    $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
    $bundle_tmp_file = "/etc/letsencrypt/live/".$domain."/chain.pem";
    $webroot = $data['new']['document_root']."/web";
And this is in the ssl folder:
Code:
    lrwxrwxrwx 1 root root 73 Dez 16 09:02 mydomain.de-le.bundle -> ../../../../../../etc/letsencrypt/archive/mydomain.de/chain1.pem
    lrwxrwxrwx 1 root root 72 Dez 16 09:02 mydomain.de-le.crt -> ../../../../../../etc/letsencrypt/archive/mydomain.de/cert1.pem
    lrwxrwxrwx 1 root root 75 Dez 16 09:02 mydomain.de-le.key -> ../../../../../../etc/letsencrypt/archive/mydomain.de/privkey1.pem
Also, I cannot find the string "/archive/" in any file in the whole ISPConfig folder. There is no entry in ISPConfig's cron.log (debug mode) for creating these symlinks. Is there another place to look? How can I investigate what happens there?
Also, I don't understand how to update certbot as mentioned in the ISPConfig cron.log, and what does the error message in bold stand for? System is Ubuntu 14.04.5 LTS.
Code:
    Fr 16. Dez 13:32:02 CET 2016 You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. We recommend upgrading to the latest certbot-auto script, or using native OS packages.
    . .
    Fr 16. Dez 13:32:06 CET 2016 Unable to clean up challenge directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
Hi Till, after investigation I found the problem. Perhaps you can help me to solve it:
When I manually create a symlink with
Code:
    ln /etc/letsencrypt/live/MYDOMAIN.de/cert.pem test.bundle
it creates a symlink like this:
Code:
    test.bundle -> ../../archive/MYDOMAIN.de/cert2.pem
(cert2.pem because of a created subdomain.)
When I create a symlink with the "-s" option:
Code:
    ln -s /etc/letsencrypt/live/MYDOMAIN.de/cert.pem test2.bundle
it creates a symlink like this:
Code:
    test2.bundle -> /etc/letsencrypt/live/MYDOMAIN.de/cert.pem
Perhaps this is the answer and a problem with the difference between "LN" and "LN -s"? PHP for ISPConfig itself is 5.5.9 fastcgi. Can anybody help me out of this?
Ok, got it... When you check "System/Server config/web/make relative symlinks", the ssl link goes to the file in the archive folder directly. When you uncheck it, all is OK. Then just a resync of all websites and all is fixed. Now I have to wait and see that autorenew runs flawlessly. @till Perhaps a hint for an improvement in the next version of ISPConfig?
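A check for the condition found in this thread, as an added example (not ISPConfig or certbot code): it lists site certificate symlinks whose raw target is a versioned file under letsencrypt/archive, and marks them STALE when live already resolves to a newer version. The function name `audit_le_links`, its arguments and the STALE/PINNED labels are assumptions made for this example; the paths follow the layout shown in the posts above.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of ISPConfig or certbot).
# usage: audit_le_links <webroot> [letsencrypt_dir]
#   webroot          directory holding <site>/ssl, e.g. /var/www
#   letsencrypt_dir  defaults to /etc/letsencrypt
# Prints "<STATE> <link> -> <raw target>" for every link pinned to archive/.
# Returns 1 if any such link exists, 0 otherwise.
audit_le_links() {
    webroot=$1
    le_dir=${2:-/etc/letsencrypt}
    rc=0
    for link in "$webroot"/*/ssl/*; do
        [ -L "$link" ] || continue              # only symlinks matter here
        target=$(readlink "$link")              # raw target, not resolved
        case "$target" in
            */letsencrypt/archive/*) ;;         # pinned to a versioned file
            *) continue ;;                      # follows live/ or is unrelated
        esac
        domain=$(basename "$(dirname "$target")")
        # cert1.pem -> cert.pem, privkey12.pem -> privkey.pem
        name=$(basename "$target" | sed 's/[0-9]*\.pem$/.pem/')
        live="$le_dir/live/$domain/$name"
        if [ "$(readlink -f "$link")" = "$(readlink -f "$live")" ]; then
            state=PINNED    # same file as live today, will not follow a renewal
        else
            state=STALE     # live has already moved to another version
        fi
        printf '%s %s -> %s\n' "$state" "$link" "$target"
        rc=1
    done
    return $rc
}

# Run directly when arguments are given, e.g.: sh audit.sh /var/www
if [ "$#" -gt 0 ]; then
    audit_le_links "$@"
fi
```

The non-zero return code makes it usable from cron or a monitoring check after toggling the "make relative symlinks" setting and resyncing.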