Recommended Let's Encrypt migration

Discussion in 'Plugins/Modules/Addons' started by Bocki, Mar 26, 2023.

  1. Bocki

    Bocki Member HowtoForge Supporter

    Hello everybody,
    I'm planning the migration of some ISPConfig installations with the ISPConfig 3 Migration Toolkit. The old systems use Certbot. For a fresh start acme.sh might be the right choice? I plan on installing with the autoinstaller.
    I've read various threads stating that all certs have to be reissued during the change from Certbot to acme.sh. But is that a problem? And would I have to take care of other things, too? Probably I don't understand all the implications here...
    Can/should I test with Debian 12 Bookworm already or better stick to 11 Bullseye?
    Thanks and regards!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig supports acme.sh and certbot equally and you can choose via command line options in the auto-installer which one should be used. If the old setup uses certbot, then I would use certbot for the new setup as well.

    You can get new certs only after you change DNS to the new server, so your sites will not work for some time until DNS has been changed and you enabled let's encrypt again afterward.

    Debian 12 is not supported yet, so either wait until we add support for it or use Debian 11.
     
    Bocki likes this.
  3. Bocki

    Bocki Member HowtoForge Supporter

    Thank you for this information!
    Maybe you could remove "Debian testing" under supported distributions then?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    It might work on testing, but we have not verified that. As the name suggests, testing is for testing and not live or productive systems ;)
     
    Last edited: Mar 30, 2023
    Bocki likes this.

Share This Page