I have a site with lots of aliased domains. ISPConfig Control Panel generates a new set of Let's Encrypt certificates whenever I add/delete an aliased domain, as it should. I noticed the certificate had apparently not been renewed for the last alias domain deletion. On investigation I found the wrong symbolic links had been created in /var/www/domain.tld/ssl. When I corrected the links and restarted Apache the proper updated certificate was used. The "wrong.domain.tld" in the symbolic link was an aliased domain and not the host domain. I presume ISPConfig creates the symbolic link.

Any idea how this could have happened, and how can I prevent it being repeated either at the next automatic renewal or when I add/delete another aliased domain?

ISPConfig 3.2.4 on Debian Buster - installed using Perfect Server tutorial.
This is what some previous update had created for the private key - other keys had the same error. ls -lh of /var/www/host.domain.tld/ssl shows:

    host.domain.tld-le.key -> /etc/letsencrypt/live/aliased.domain.tld/privkey.pem

The correct entry should have been:

    host.domain.tld-le.key -> /etc/letsencrypt/live/host.domain.tld-0005/privkey.pem

aliased.domain.tld was just one of many aliased domains to this host. The /etc/letsencrypt/live directory had created an aliased.domain.tld subdirectory which pointed to the aliased.domain.tld archive directory, which had an old version of the host.domain.tld domain list. Hence when one of these domains had been removed from the aliased domain list and had its DNS deleted, letsencrypt correctly fails to renew the certificates for aliased.domain.tld. Paradoxically it did renew the host.domain.tld certificates. But these were not seen by any browser until I repointed the symbolic links to host.domain.tld-0005 and restarted Apache.

aliased.domain.tld was never a host on this machine. The erroneous directory was set up on Feb 5th. I seem to recall there was another problem resulting from a bug in the letsencrypt software around that time. Could this be related?
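
A check for the mismatch described in this thread, added here as an example; it is not part of the original posts and not ISPConfig's own code. The function name `check_le_links` is hypothetical, and the layout it assumes (`<webroot>/<site>/ssl/<site>-le.*` linking into `<live>/<site>` or `<live>/<site>-NNNN`) is taken from the paths quoted above.

```shell
#!/bin/sh
# Added example: report "<site>-le.*" symlinks whose target is not a
# Let's Encrypt live directory named after the site itself.
# Assumed layout (from the post):
#   <webroot>/<site>/ssl/<site>-le.key -> <live>/<site>[-NNNN]/privkey.pem
# Usage after sourcing this file: check_le_links [webroot] [live-dir]

# Prints one line per mismatched link; returns 1 if any were found, else 0.
check_le_links() {
    webroot=${1:-/var/www}
    live=${2:-/etc/letsencrypt/live}
    bad=0
    for link in "$webroot"/*/ssl/*-le.*; do
        [ -L "$link" ] || continue          # only symlinks are of interest
        name=$(basename "$link")
        site=${name%-le.*}                  # host.domain.tld-le.key -> host.domain.tld
        target=$(readlink "$link")
        case "$target" in
            "$live"/*) ;;                   # absolute link into the live directory
            *) continue ;;                  # anything else is out of scope here
        esac
        lineage=$(basename "$(dirname "$target")")
        # Accept "<site>" or the numbered form seen in the post, "<site>-0005".
        # If lineage does not start with the site name, suffix is the whole name.
        suffix=${lineage#"$site"}
        case "$suffix" in
            ""|-[0-9][0-9][0-9][0-9]) ;;
            *)
                echo "MISMATCH $link -> $target (expected $live/$site or $live/$site-NNNN)"
                bad=1
                ;;
        esac
    done
    return $bad
}
```

Run from cron after renewals or after changing alias domains, a non-zero return flags a site that is still serving a certificate from another domain's directory.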