Letsencrypt using both certbot and acme on the same server

Discussion in 'General' started by Stephan Ververda, Dec 8, 2024.

  1. Stephan Ververda

    Stephan Ververda Member HowtoForge Supporter

    Hey all,
    I have been running ISPConfig for quite some years now. I think about 2 years back ISPConfig changed from using certbot to acme, and now I have sites that still use the certbot-created certificates (and they still renew without any problems) and the newer sites using acme.
    What would be the best method to move all the sites that are still using certbot also to acme?
     
  2. remkoh

    remkoh Active Member HowtoForge Supporter

    Safest way with least downtime is per site.

    Uncheck LE
    Remove cert and key files in /var/www/clientX/webX/ssl
    Recheck LE

    A new certificate should be requested, using acme.
    Afterwards you may need to clean up your /etc/letsencrypt folder.
     
  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Actually it is more than 2 years, maybe around 5 years. However, while ISPConfig has supported acme.sh ever since, it will not install it on a server that already has certbot, so you must have installed it yourself manually.

    Other than the way suggested above, I would try to use ISPConfig's built-in resync tool, which I think could do the trick for multiple websites.

    The steps would be:
    1. Make a working backup of your sites and/or the whole server itself. The latter is easier with a VM snap, if you have one.
    2. Uninstall certbot via apt or snap, depending on how you installed it. DO NOT USE PURGE.
    3. Use the ISPConfig resync tool in its UI. Do note that this takes some time, so be patient before moving to the next steps.
    4. Thereafter, check whether each and every website already has its LE SSL certs in the acme.sh folder.
    5. Check if the same certs are also installed in each website's SSL folder, not symlinked.
    6. If you have both and some are symlinked, check each site's vhost to determine which one it is using.
    7. You may do the cleanup of all certbot-created certs and their symlinks after you have confirmed that the acme.sh-created certs are in place and being used by all the sites.
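The symlink check from steps 5 and 6 above can be scripted per site. This is an added example, not part of the thread and not ISPConfig's own tooling: it assumes the `/var/www/clientX/webX/ssl` layout and the `/etc/letsencrypt` folder mentioned in the posts, both passed as arguments, and the function names are hypothetical. It does not inspect the vhost files.

```shell
#!/bin/sh
# Added example: classify every file in each site's ssl folder.
# Assumed arguments (taken from the paths named in the thread):
#   $1 = web base dir, sites live in <base>/clientX/webX/ssl
#   $2 = certbot directory, e.g. /etc/letsencrypt

# Prints one line per file: <ssl dir>|<file name>|<kind>
# kind is certbot-symlink, other-symlink or regular-file.
classify_ssl_files() {
    base=$1
    le_dir=$(readlink -f "$2") || return 1
    for ssl_dir in "$base"/client*/web*/ssl; do
        [ -d "$ssl_dir" ] || continue
        for f in "$ssl_dir"/*; do
            # -e is false for a broken symlink, so test -L as well
            [ -e "$f" ] || [ -L "$f" ] || continue
            if [ -L "$f" ]; then
                # Resolve the whole link chain; empty if it cannot be resolved
                target=$(readlink -f "$f" || true)
                case "$target" in
                    "$le_dir"/*) kind=certbot-symlink ;;
                    *)           kind=other-symlink ;;
                esac
            else
                kind=regular-file
            fi
            printf '%s|%s|%s\n' "$ssl_dir" "${f##*/}" "$kind"
        done
    done
}

# Lists ssl folders that still hold at least one symlink into the certbot dir,
# i.e. sites that must not lose their certbot files during cleanup yet.
sites_still_on_certbot() {
    classify_ssl_files "$1" "$2" |
        awk -F'|' '$3 == "certbot-symlink" { print $1 }' | sort -u
}

# Runs only when called with both arguments:
#   sh check_ssl.sh /var/www /etc/letsencrypt
if [ "$#" -eq 2 ]; then
    classify_ssl_files "$1" "$2"
fi
```

An empty result from `sites_still_on_certbot` means no site folder links into the certbot directory any more; the vhost check in step 6 is still needed to confirm which certificate each site actually serves.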