Messed up by installing acme.sh when using Certbot on CentOS 7.9

Discussion in 'General' started by zimon, Apr 2, 2022.

  1. zimon

    zimon New Member

    So I messed up by installing acme.sh when I already had Certbot set up on my CentOS 7.9 server running ISPConfig 3.2.6. I have since then read up on the subject with the advice to not install acme.sh if Certbot is already installed and running. Yup, I was too trigger happy when I did this last year.

    As we know, the result is that no Let's Encrypt certificates are being renewed automatically; however, I am still able to set up new websites through the ISPConfig GUI with certificates being issued and installed by acme.sh just fine. I have also been able to do manual renewals of a certificate through the ISPConfig GUI by unchecking the SSL and Let's Encrypt checkboxes on the site configuration page, and then checking them both back again. This seems to make the switch from Certbot to acme.sh.

    Still, no certificates are being renewed automatically, so instead I use the CLI with acme.sh -r -d domain.com to renew each certificate manually when they are close to expiring.

    I just wanted to check in to see if there is a way to make ISPConfig switch the cron process from Certbot to acme.sh. I did the upgrade to ISPConfig 3.2.8p1 today, though I am still getting the same error as always:

    which: no acme.sh in (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/mainuser/.local/bin:/home/mainuser/bin)
    which: no acme.sh in (/usr/local/ispconfig/server/scripts)
    [Sat Apr 2 09:40:49 -05 2022] It is recommended to install socat first.
    [Sat Apr 2 09:40:49 -05 2022] We use socat for standalone server if you use standalone mode.
    [Sat Apr 2 09:40:49 -05 2022] If you don't use standalone mode, just ignore this warning.

    If this is still a no-no, I'll just keep track of the cert expirations and do the update manually.
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I don't think so.
    This makes it worse.

    If you followed all threads related to this, you should revert back to certbot and remove acme.sh totally.

    If your certbot is somehow outdated, you can remove that old version and install the latest one using snap.

    You can untick and retick that LE box for each website when you are done fixing with the above.
     
