Hi, Somehow i got 2 acocunt for letsencrypt v01 (since 2019) and v02 (since December). if i try to add new domain, it fails with problem of choosing the proper one. However old domains would work for reissue. if i remove v01 folder from /etc/letsencrypt/accounts, i can validate NEW domains, but old domains wont reissue . Is there any way i can clean this mess and make ALL domains use one same account ?
Should be possible to force a reissue with certbot and specify the server. That way you can migrate the old v1 to v2 and going forward only have v2. Something like this should work depending on the setup: Code: certbot renew --apache --agree-tos --force-renewal --server https://acme-v02.api.letsencrypt.org/directory
The above is ok; you can have v1 and v2 together, that's not two accounts but one account available as v1 and v2. Check inside the v1 and v2 folders; most likely, you have two accounts in one of them.
Indeed , v02 has one true account and one symlink to v01 . So, should i remove symlink, run update command @pyte suggested, and then remove v01 totaly ?
Yes, you must remove one of the accounts. If you remove the symlink or the other one, it does not matter much. I would decide this based on each account's number of certs and remove the one with the least certs as it's the least amount of work to switch over the certs.
Thanks a lot ! Seems like things worked perfectly - certificates renewed. However one domain still has problem - its the same domain as used as a hostname for server . There is a WEBSITE entry with same domain created (not sure why this was done, as this is quite an old server, but it is empty web) and same domain is used as ISPCONFIG conneciton url . and probably thats why it does not updates. Should i remove it from WEBSITES, and somehow update ISPCONFIG 8080 certificate ?
Before ISPconfig had the very good certbot integration for the panel itself, it was an easy hack to have a website with the same hostname to obtain the certificate. I think it _should_ be fine to delete it if it does not have any purpose anymore. But maybe wait for till if I missed something. It is the same name, but a different config and port
OK, deleted it from the websites, as i had no purpose . However , question is - how do i check ISPconfig will be reissued by letencrypt on 8080 port ?
Code: acme.sh --list should show you a cert for your hostname, still your /etc/apache2/sites-enabled/000-ispconfig.vhost is probably set to should be found - and a pre and post one. Code: crontab -l 38 18 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null * * * * * /usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done * * * * * /usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done As far as I know the cronjob should do its job.
I would run ispconfig force update again and choose creating LE ssl certs during the process as the acme.sh install command should then copy the certs to ISPConfig ssl folder and set the renewal path in its conf file to this folder again. This is because via creating the website and asking LE certs for it earlier, you already set the renewal of the certs path to that website ssl folder and it will still be it until another acme.sh install command to other path is issued. This can be verified by reading the renewal conf file. Simply deleting the website won't change this renewal path.
