Migration script Letsencrypt to acme.sh

Discussion in 'Installation/Configuration' started by rickconn, Jan 15, 2021.

  1. rickconn

    rickconn New Member

    I have 2 debian 9 servers, both running Ispconfig 3.2.2
    One was built about 1 year ago, and uses Letsencrypt
    The other has just been built and uses acme.sh
    I have used migration-tool-2_2_2p3 to migrate Ispconfig to this new server.
    After a successful migration, I have manually removed the letsencrypt symlinks from /var/www/domain/ssl
    And now I have tried disabling and re-enabling 'Letsencrypt' in Ispconfig hoping to recreate the cert with acme.sh, but it is not created.
    Could I rerun the Ispconfig 3.2.2 update hoping that it will notice Letsencrypt is not installed?
    Would it the install acme.sh?

    Thank you
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    As far as I know that is detected at runtime, so it wouldn't change anything. But feel free to run the update and reconfigure services again if you wish, it won't hurt anything unless you've made custom config changes and didn't put them in a conf-custom file.
    rickconn likes this.
  3. rickconn

    rickconn New Member

    Thank you for your quick reply.
    Unfortuneatly the update has not worked, any other suggestions for a fix?
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You don't have certbot installed at all? What you did sounds like the correct thing to try, but I've not actually done that myself. Probably enable server debugging, check "Lets Encrypt" for a domain and run server.sh manually to see what happens when it tries to setup the certificate.
    rickconn likes this.
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    The best is to check the letsencrypt FAQ one by one because your problem is not clear until you do so.

    If you check the latest update on Debian 10 PST, there is a short way to install acme.sh prescribed, though I would prefer an admin email is added, but that said, ISPConfig 3.2 already comes with acme.sh script (under ISPConfig script folder) and will automatically be used if no other letsencrypt official client exist

    In my mind, theoratically, uninstalling all Letsencrypt official clients (letsencrypt, certbot and certbot-auto) then backing up and deleting /etc/letsencrypt must be done before installing acme.sh and runing ISPConfig update while opting to configure services and ssl creation for the server.

    Personally, I still prefer certbot as it is the official letsencrypt client but at the same time I am also planning to migrate to acme.sh just in case certbot is ditched by ISPConfig.
    Last edited: Jan 16, 2021
    rickconn likes this.
  6. rickconn

    rickconn New Member

    Many thanks to everyone who replied.
    ahrasis, you were correct...
    I had failed to remove the letsencrypt certificates from the old server, I tried adding one on a domain that previously did not have a certificate and it was successful.

Share This Page