I am running ISPConfig 3.1 with certbot. Some of the renewed certificates go into folders with numeric suffixes like: Code: # ls -l /etc/letsencrypt/live/no-fun.de-0002 total 0 lrwxrwxrwx 1 root root 38 Jun 26 16:21 cert.pem -> ../../archive/no-fun.de-0002/cert1.pem lrwxrwxrwx 1 root root 39 Jun 26 16:21 chain.pem -> ../../archive/no-fun.de-0002/chain1.pem lrwxrwxrwx 1 root root 43 Jun 26 16:21 fullchain.pem -> ../../archive/no-fun.de-0002/fullchain1.pem lrwxrwxrwx 1 root root 41 Jun 26 16:21 privkey.pem -> ../../archive/no-fun.de-0002/privkey1.pem ... however ISPConfig created links still point to the old directory without the suffix: Code: # ls -l /var/www/no-fun.de/ssl lrwxrwxrwx 1 root root 41 Jun 26 16:54 no-fun.de-le.bundle -> /etc/letsencrypt/live/no-fun.de/chain.pem lrwxrwxrwx 1 root root 40 Jun 26 16:54 no-fun.de-le.crt -> /etc/letsencrypt/live/no-fun.de/cert.pem lrwxrwxrwx 1 root root 43 Jun 26 16:54 no-fun.de-le.key -> /etc/letsencrypt/live/no-fun.de/privkey.pem Hence my certs are expired. What am I missing?
It seems you have created different certs before for the same domain, maybe either with an old version of ISPConfig or manually via Letsencrypt/certbot. This leads to a problem that the main domain directory of LE is taken. ISPConfig cannot deal with the -XXX suffixed directories, yet. Solution: Delete all /etc/letsencrypt/live/no-fun.de*, /etc/letsencrypt/archive/no-fun.de* and /etc/letsencrypt/renew/no-fun.de* directories and files, then disable and re-enable the LE setting for the website in ISPConfig.
Yes, that worked, although in a slightly different sequence. 1. disable, 2. delete, 3. enable. Thanks for your help!
