I got problem with letsencrypt certificates. 1st i have noticed, that my dovecot is using wrong cert. Then i checked if links are directing into correct folder inside letsencrypt /etc/. And it did. I didn't want to play with searching where and why things happen like that, so i go directly into ispc to see how about main server domain, and Letsencrypt was not checked (it was migrated with migration tool, and should be checked on). I checked it and save, but inside letsencrypt log there is only: MissingCommandlineFlag: Missing command line flag or config entry for this setting: Please choose an account Choices: ['server.domain.pl@2016-03-08T18:45:14Z (66c0)', 'server2.domain.pl@2019-01-24T14:37:13Z (c5e9)']. I do not really know what to do next ;s Update: I removed second domain, but it still asking for it in the end (i removed ssl first, and then delete whole website in ispc), here is the full log; Code: 2019-02-03 12:40:03,065:DEBUG:certbot.main:certbot version: 0.30.0 2019-02-03 12:40:03,065:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v02 .api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'server.domain.pl', '--webroot-path', '/usr/loc al/ispconfig/interface/acme'] 2019-02-03 12:40:03,065:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginE ntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2019-02-03 12:40:03,074:WARNING:certbot.cli:You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than mor e recent versions. The letsencrypt client has also been renamed to Certbot. We recommend upgrading to the latest certbot-auto script, or using native OS pack ages. 2019-02-03 12:40:03,074:DEBUG:certbot.cli:Deprecation warning circumstances: /opt/eff.org/certbot/venv/bin/certbot / {'LANG': 'en_US.UTF-8', 'SHELL': '/bin/s h', 'XDG_RUNTIME_DIR': '/run/user/0', 'LOADEDMODULES': '', 'HOME': '/root', 'HOSTNAME': 'server.domain.pl', 'HISTSIZE': '1000', 'HISTCONTROL': 'ignoredups', 'S HLVL': '3', 'PWD': '/usr/local/ispconfig/server', 'LOGNAME': 'root', 'USER': 'root', 'MAIL': '/var/spool/mail/root', 'PATH': '/sbin:/usr/sbin:/bin:/usr/bin:/ usr/local/sbin:/usr/local/bin:/usr/X11R6/bin', 'LESSOPEN': '||/usr/bin/lesspipe.sh %s', 'XDG_SESSION_ID': '9927', 'MODULESHOME': '/usr/share/Modules', '_': ' /opt/eff.org/certbot/venv/bin/certbot', 'MODULEPATH': '/usr/share/Modules/modulefiles:/etc/modulefiles'} 2019-02-03 12:40:03,080:DEBUG:certbot.log:Root logging level set at 20 2019-02-03 12:40:03,080:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2019-02-03 12:40:03,080:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None 2019-02-03 12:40:03,085:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot Description: Place files in webroot directory Interfaces: IAuthenticator, IPlugin Entry point: webroot = certbot.plugins.webroot:Authenticator Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f78f3994e90> Prep: True 2019-02-03 12:40:03,085:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f78f3994e90> and installer None 2019-02-03 12:40:03,086:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None 2019-02-03 12:40:03,093:DEBUG:certbot.log:Exiting abnormally: Traceback (most recent call last): File "/opt/eff.org/certbot/venv/bin/certbot", line 11, in <module> sys.exit(main()) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1364, in main return config.func(config, plugins) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1233, in certonly le_client = _init_le_client(config, auth, installer) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 604, in _init_le_client acc, acme = _determine_account(config) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 513, in _determine_account acc = display_ops.choose_account(accounts) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/display/ops.py", line 86, in choose_account "Please choose an account", labels, force_interactive=True) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/display/util.py", line 507, in menu self._interaction_fail(message, cli_flag, "Choices: " + repr(choices)) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/display/util.py", line 469, in _interaction_fail raise errors.MissingCommandlineFlag(msg) MissingCommandlineFlag: Missing command line flag or config entry for this setting: Please choose an account Choices: ['server.domain.pl@2016-03-08T18:45:14Z (66c0)', 'server.domain2.pl@2019-01-24T14:37:13Z (c5e9)'] Update nr 2 Ok, what i did was the more testing. First, i was thinking that my dovecot cert is wrong, because outlook 2010 told me so. but it looks, like Outlook 2010 is using HTTPS certificate, because checking on other clients, and using openssl is showing correct values. # cat /etc/dovecot.conf listen = *,[::] protocols = imap pop3 auth_mechanisms = plain login disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail ssl_cert = </etc/postfix/smtpd.cert ssl_key = </etc/postfix/smtpd.key ssl_protocols = !SSLv3 Now from different box in the internet: # openssl x509 -in /etc/postfix/smtpd.cert -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: xxxxxxxxxxxxxxxxxxxxxxxxx Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 Validity Not Before: Dec 4 02:00:57 2018 GMT Not After : Mar 4 02:00:57 2019 GMT Subject: CN=server.domain.pl Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Domain is correct! # openssl s_client -connect server.domain.pl:993 -crlf CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = server.domain.pl verify return:1 Domain here is also correct! Same for POP3, SMTP, and SMTP with STARTTLS. So the only problem now, is on https, it use wrong certificate for the website, that use domain same as server do for ispc panel.
Probably you have two accounts in /etc/letsencrypt/accounts/.... One from old server and another one from the new server. Backup /etc/letsencrypt folder, just to be sure, and then delete one of the accounts.
