Manually regenerate SSL Cert

Discussion in 'ISPConfig 3 Priority Support' started by pyte, Sep 13, 2023.

  1. pyte

    pyte Well-Known Member HowtoForge Supporter

    Hi,
how can I manually trigger the generation of the SSL certificate for the ISPConfig panel itself?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The best way is to run ispconfig_update.sh --force. If you choose to reconfigure services, the updater will ask if you like to create a new SSL cert.
     
  3. pyte

    pyte Well-Known Member HowtoForge Supporter

Ok, but I may hit an error here. Do I need to remove the certificate from /root/.acme.sh/domain.tld/?

    Code:
    [Mi 13. Sep 11:01:08 CEST 2023] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
    [Mi 13. Sep 11:01:08 CEST 2023] ACME_NEW_AUTHZ
    [Mi 13. Sep 11:01:08 CEST 2023] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Mi 13. Sep 11:01:08 CEST 2023] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
    [Mi 13. Sep 11:01:08 CEST 2023] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
    [Mi 13. Sep 11:01:08 CEST 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
    [Mi 13. Sep 11:01:08 CEST 2023] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Mi 13. Sep 11:01:08 CEST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Mi 13. Sep 11:01:08 CEST 2023] _on_before_issue
    [Mi 13. Sep 11:01:08 CEST 2023] _chk_main_domain='panel.domain.tld'
    [Mi 13. Sep 11:01:08 CEST 2023] _chk_alt_domains
    [Mi 13. Sep 11:01:08 CEST 2023] '/usr/local/ispconfig/interface/acme' does not contain 'no'
    [Mi 13. Sep 11:01:08 CEST 2023] Le_LocalAddress
    [Mi 13. Sep 11:01:08 CEST 2023] d='panel.domain.tld'
    [Mi 13. Sep 11:01:08 CEST 2023] Check for domain='panel.domain.tld'
    [Mi 13. Sep 11:01:08 CEST 2023] _currentRoot='/usr/local/ispconfig/interface/acme'
    [Mi 13. Sep 11:01:08 CEST 2023] d
    [Mi 13. Sep 11:01:08 CEST 2023] '/usr/local/ispconfig/interface/acme' does not contain 'apache'
    [Mi 13. Sep 11:01:08 CEST 2023] _saved_account_key_hash='9zPSTqpRDUJ8Mqr2beMmOuY8dvaDD2L8bpJ5JxHoky4='
    [Mi 13. Sep 11:01:08 CEST 2023] _saved_account_key_hash is not changed, skip register account.
    [Mi 13. Sep 11:01:08 CEST 2023] Read key length:2048
    [Mi 13. Sep 11:01:08 CEST 2023] Creating domain key
    [Mi 13. Sep 11:01:08 CEST 2023] Using config home:/root/.acme.sh
    [Mi 13. Sep 11:01:08 CEST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Mi 13. Sep 11:01:08 CEST 2023] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
    [Mi 13. Sep 11:01:08 CEST 2023] _ACME_SERVER_PATH='directory'
    [Mi 13. Sep 11:01:08 CEST 2023] Domain key exists, do you want to overwrite the key?
    [Mi 13. Sep 11:01:08 CEST 2023] Add '--force', and try again.
    [Mi 13. Sep 11:01:08 CEST 2023] Create domain key error.
    [Mi 13. Sep 11:01:08 CEST 2023] pid
    [Mi 13. Sep 11:01:08 CEST 2023] No need to restore nginx, skip.
    [Mi 13. Sep 11:01:08 CEST 2023] _clearupdns
    [Mi 13. Sep 11:01:08 CEST 2023] dns_entries
    [Mi 13. Sep 11:01:08 CEST 2023] skip dns.
    [Mi 13. Sep 11:01:08 CEST 2023] _on_issue_err
    [Mi 13. Sep 11:01:08 CEST 2023] Please check log file for more details: /var/log/ispconfig/acme.log
    [Mi 13. Sep 11:01:08 CEST 2023] _chk_vlist
    [Mi 13. Sep 11:01:51 CEST 2023] LE_WORKING_DIR='/root/.acme.sh'
    [Mi 13. Sep 11:01:51 CEST 2023] Running cmd: upgrade
    [Mi 13. Sep 11:01:51 CEST 2023] Using config home:/root/.acme.sh
    [Mi 13. Sep 11:01:51 CEST 2023] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
    [Mi 13. Sep 11:01:51 CEST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Mi 13. Sep 11:01:51 CEST 2023] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
    [Mi 13. Sep 11:01:51 CEST 2023] _ACME_SERVER_PATH='directory'
    [Mi 13. Sep 11:01:51 CEST 2023] GET
    [Mi 13. Sep 11:01:51 CEST 2023] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
    [Mi 13. Sep 11:01:51 CEST 2023] timeout=
    [Mi 13. Sep 11:01:51 CEST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Mi 13. Sep 11:01:51 CEST 2023] ret='0'
    [Mi 13. Sep 11:01:51 CEST 2023] Already uptodate!
    [Mi 13. Sep 11:01:51 CEST 2023] Upgrade success!
    [Mi 13. Sep 11:01:51 CEST 2023] LE_WORKING_DIR='/root/.acme.sh'
    [Mi 13. Sep 11:01:51 CEST 2023] Running cmd: setdefaultca
    [Mi 13. Sep 11:01:51 CEST 2023] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
    
     
  4. pyte

    pyte Well-Known Member HowtoForge Supporter

Never mind, I just moved the whole /root/.acme.sh/domain.tld to a backup and tried again. The issue seems to be something else:

    Code:
     Invalid response from https://panel.domain.tld/.well-known/acme-challenge/i6KqX_JUJ3jVJDpoo3rY0ym2uSjanJuPjw2yidURJhc: 500","status": 403}
    Maybe this SSL config is the issue for this?

    Code:
    <VirtualHost *:443>
            SSLEngine on
    
            SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
            SSLHonorCipherOrder on
            SSLCipherSuite HIGH:!aNULL:!MD5:!3DES:!CBC
            #SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
    
            SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
            SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    
    
            Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    
            ServerName panel.domain.tld
            ServerAlias www.panel.domain.tld
    
            SSLProxyEngine on
            ProxyPreserveHost On
            ProxyRequests Off
            ProxyVia Off
            ProxyPass / https://localhost:8080/
            ProxyPassReverse / https://localhost:8080/
    </VirtualHost>
    
     
    Last edited: Sep 13, 2023
  5. till

    till Super Moderator Staff Member ISPConfig Developer

  6. pyte

    pyte Well-Known Member HowtoForge Supporter

Well, that might be an issue and I edited the config. While checking manually with the method you provided, I found that the cause might be this: "HTTP request sent, awaiting response... 301 Moved Permanently"
    In the 000-default.conf the following is set:
    Code:
    Redirect permanent / https://panel.domain.tld/
Could this be the issue? Sorry, but I'm a bit lost right now.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    I would try to comment it out and see if it works then.
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

Yes, this will be the problem. Need to exclude acme directory requests from that redirect.

@tbrehm how can we make the acme dir redirect rules be preferred over such redirects?
     
  9. pyte

    pyte Well-Known Member HowtoForge Supporter

It was the issue indeed. I've removed it and now I can grab the test file with wget.
Now I have to wait an hour anyway as I hit the LE rate limit.

    I'll test the config later on
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    I don't think that this is possible for manually added redirects. For redirects added by ISPConfig using redirect tab, the acme path is excluded from the rules.
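
As an added example (not from the thread, and not ISPConfig's own generated config), this is the pattern Th0m and till describe for a manually written port-80 vhost: the HTTP-to-HTTPS redirect must let /.well-known/acme-challenge/ through, because the Let's Encrypt HTTP-01 validator follows the 301 to the HTTPS vhost, which in this thread proxies everything to localhost:8080 and has no challenge file to return. The hostname and the acme webroot (/usr/local/ispconfig/interface/acme, taken from the acme.log above) are assumptions; the file path in the comment is the one named in the thread, and mod_rewrite must be enabled (a2enmod rewrite).

```apache
# /etc/apache2/sites-available/000-default.conf (file name as in the thread;
# the contents are an added example, not ISPConfig's shipped config)
<VirtualHost *:80>
    ServerName panel.domain.tld
    ServerAlias www.panel.domain.tld

    # Serve HTTP-01 challenge files from the webroot acme.sh writes to.
    # acme.sh in webroot mode puts tokens under <webroot>/.well-known/acme-challenge/
    # (assumption: this is the directory shown as _currentRoot in the log).
    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # BROKEN (what the thread had): the blanket redirect also catches the
    # challenge URL, so the validator gets a 301 to the HTTPS proxy instead
    # of the token and Let's Encrypt reports an invalid response.
    # Redirect permanent / https://panel.domain.tld/

    # FIXED: redirect everything except the challenge path. The original
    # query string is carried over automatically by mod_rewrite.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://panel.domain.tld%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

To check the exclusion before hitting the Let's Encrypt rate limit again, drop a file into the challenge directory (touch /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/test) and fetch it with curl -sI http://panel.domain.tld/.well-known/acme-challenge/test: the answer must be HTTP 200 from the port-80 vhost, not 301. A request to any other path (curl -sI http://panel.domain.tld/) should still return the 301. Only then run ispconfig_update.sh --force and let it recreate the certificate. A RedirectMatch with a negative lookahead would work the same way, but the mod_rewrite form keeps the exclusion visible next to the redirect.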
     
  11. pyte

    pyte Well-Known Member HowtoForge Supporter

Can one of you describe how to set this up the "correct" way? So that the panel is exposed on :443 and I don't run into issues with this manual hack again?
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

