LetsEncrypt renewal and post-hooks

Discussion in 'Installation/Configuration' started by WhitcombeRD, Aug 10, 2019.

  1. WhitcombeRD

    WhitcombeRD Member

    I've just done a clean install to Buster/ISPConfig3.1.14p2 using the perfect server method (https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/)

    There's a few things I'm not certain about. On my previous older 3.1 install there were cronjobs for letsencrypt to auto renew certs and I had the option of adding hooks to restart services.

    On this install I've enabled LE and it's successfully created certificates for the sites needed and they work fine.

    I've got a few issues though:

    (i) But I can't see what mechanism it uses to test and renew these certs? Am I missing cronjobs or does some other script handle this somewhere now?

    (ii) In the letsencrypt log I see:

    WARNING:certbot.cli:You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. The letsencrypt client has also been renamed to Certbot. We recommend upgrading to the latest certbot-auto script, or using native OS packages.

    This confuses me as I installed a fresh server using LE from source as in the guide above on the command line. How do I go about fixing this?

    (iii) I assume I need to manually add hooks to restart apache, dovecot, postfix on cert renew. Previously I had these in a cron job. How do I go about doing it now as I can't seem to find any jobs running to hook them onto?
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    1. That comes with ISPConfig cron.
    2. Ignore that message.
    3. If you follow the tutorial to secure your server and its services, follow it again.
     
  3. WhitcombeRD

    WhitcombeRD Member

    I wasn't aware there was a tutorial until you posted that - I set up manually.

    The tutorial doesn't seem to use hooks. Assuming I want to do it the "official" LE way, I assume if I add a bash script to restart services in the renewal-hooks/post directory that'll also do the job?
    Thanks for clarifying 1 and 2.
     
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    The official tutorial creates a website for your web server and therefore uses webroot to obtain LE SSL certs. It also extends the certs for other services in that server, if any, like dovecot, postfix, pure-ftpd-mysql and monit, with the ability to recreate ispserver.pem using incron. All services will be restarted upon renewal of the server LE SSL certs. You will need to make sure incron is always working by the end of that tutorial. Use monit to monitor it if necessary.
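
For the question above about a script in the renewal-hooks/post directory, an added example (not posted by either participant and not ISPConfig's or the tutorial's code): a hook that restarts apache2, dovecot and postfix only when they are already running, and refuses to restart Apache if its config test fails. The file name, the `/etc/letsencrypt/renewal-hooks/post/` location (certbot's default) and the premise that the renewal job invokes `certbot renew` so that directory hooks fire are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): certbot renewal hook that restarts
# the services named in the thread after a renewal run.
# Assumed install path: /etc/letsencrypt/renewal-hooks/post/restart-services.sh
# (hypothetical file name; must be executable and owned by root).

# Services from the thread; override via the environment if yours differ.
SERVICES="${SERVICES:-apache2 dovecot postfix}"
# Commands are variables so the script can be exercised without systemd.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
APACHECTL="${APACHECTL:-apache2ctl}"

log() { echo "renewal-hook: $*" >&2; }

restart_services() {
    failed=0
    for svc in $SERVICES; do
        # Never start something the admin has stopped or not installed.
        if ! "$SYSTEMCTL" is-active --quiet "$svc" 2>/dev/null; then
            log "$svc not active, skipping"
            continue
        fi
        # A restart with a broken config takes every site down, so check first.
        if [ "$svc" = "apache2" ] && ! "$APACHECTL" configtest >/dev/null 2>&1; then
            log "apache2 configtest failed, NOT restarting"
            failed=1
            continue
        fi
        if "$SYSTEMCTL" restart "$svc"; then
            log "restarted $svc"
        else
            log "restart of $svc failed"
            failed=1
        fi
    done
    return "$failed"
}

# A non-zero exit status makes the failure show up in certbot's log.
restart_services
```

Certbot runs scripts in `renewal-hooks/post` after a renewal attempt; placing the same file in `renewal-hooks/deploy` instead runs it only when a certificate was actually renewed.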
     
