Main Server Certificate Not Renewed - Unexpectedly Expired!

Discussion in 'Installation/Configuration' started by snowweb, May 7, 2023.

  1. snowweb

    snowweb Member

    This morning we found that the server's certificate expired overnight. Until now it had been automatically renewed every three months without a problem. We set it up using https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/
    Upon investigation, the renewing script at
    Code:
    /etc/init.d/le_ispc_pem.sh
    appears to have run properly, but the certificate files in
    Code:
    /etc/letsencrypt/archive/hostname -f/
    are outdated.
    I'm not sure why they should suddenly stop being updated by LetsEncrypt, but any pointers on how to fix this would be highly appreciated!
    Many thanks.
     
  2. snowweb

    snowweb Member

    *** EXTRA INFORMATION ***

    Our company has two domain names ourdomain.info and ourdomain.net and the .info is used for the control panel on s1.ourdomain.info:8080 and the server fqdn is also s1.ourdomain.info. The .net is used for the company website and email.
    Some weeks ago, we redirected https://www.s1.ourdomain.info to https://ourdomain.net in case someone stumbled upon it (since we don't advertise the .info address). However, it seems that this has broken the certificate renewal.
    We're not sure how to recover from this! Please help!
     
    Last edited: May 7, 2023
  3. snowweb

    snowweb Member

    Looks like I've finally fixed this. I had another domain for which, as luck would have it, when we set up the certificate for it, we included the hostname of the server (the one with the failed certificate and which ISPConfig runs) in the same certificate as the other domain, although we weren't actually using that aspect of that certificate, as the server still had its own until it broke last night.
    What I just did to fix it was run the following commands:

    Code:
    ln -sf /etc/letsencrypt/live/ourdomain.net/* /etc/letsencrypt/live/s1.ourdomain.info/
    and then I restarted the services.
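
An added example, not part of the thread: a check for the two conditions at issue in the posts above, namely that the certificate a path in the live directory resolves to is not close to expiry, and that it really covers the server's hostname (the symlinked certificate only works because that hostname was included in it). `check_cert`, its return codes and the 14-day default are hypothetical; the `fullchain.pem` path in the usage comment assumes certbot's standard layout, and the `openssl` command-line tool must be installed.

```shell
#!/bin/sh
# check_cert <cert.pem> <hostname> [min_days]   (hypothetical helper)
# Returns: 0 = ok
#          1 = expires within min_days
#          2 = hostname not covered by the certificate
#          3 = file missing or unreadable (e.g. dangling symlink)
check_cert() {
    cert=$1 host=$2 min_days=${3:-14}

    # -e follows symlinks, so a link in live/ that points nowhere fails here.
    if [ ! -e "$cert" ] || ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "FAIL $cert: missing or not a readable certificate" >&2
        return 3
    fi

    # Match on the printed verdict rather than relying on the exit status.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "FAIL $cert: does not cover $host" >&2
        return 2
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "WARN $cert: expires within $min_days days" \
             "($(openssl x509 -in "$cert" -noout -enddate))" >&2
        return 1
    fi

    echo "OK $cert covers $host and is valid for more than $min_days days"
}

# Example invocation (path assumes certbot's standard file names):
#   sh check_cert.sh /etc/letsencrypt/live/s1.ourdomain.info/fullchain.pem s1.ourdomain.info 14
if [ "$#" -ge 2 ]; then
    check_cert "$@"
    exit $?
fi
```

Run from cron with a notification on any non-zero exit, this reports a stalled renewal before the certificate actually expires.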
     
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Well, I don't think that is the right way of doing it, simply because at least ourdomain.info is not s1.ourdomain.info, as all can see with their naked eyes. Those who followed my old thread / tutorial on securing ISPConfig should already know by now that those methods are obsolete or at least deprecated. The best way is, first, to undo all the steps thoroughly and manually; I shared a script to undo them on GitHub as well, but I am not sure that it will work in every scenario. Second, force update ISPConfig, opting to create SSL during that process, which should recreate all the necessary LE certs and links to all services for that server. Do check the LE FAQ in case of failure to create LE certs.
     
