I updated ISPConfig 3.2.2 w/o problems 3 months ago, but today all mail clients say invalid certificate (expired). Why? How can I renew? Thanks in advance. The certificates of the control panel (8080) and the mail server have different dates; how is that possible?
Sorry for the delay. Yes, I did it twice (cert through the installer, first with the update, second forced), and I restarted several times. I did the update 2 months ago! Why is there a difference? Are there any trustworthy tools for checking the condition of the mail server's certificate? I use SSL checker, but it shows me the certificate for the domain, not for the email server.
Confirmed for the mail server:
    Certificates
    First seen at: 2021-01-21
    CN=mxxxr.dxxxxxxxa.es
    Certificate chain
    mxxxxxxr.dixxxa.es  -23 days remaining  4096 bit  sha256WithRSAEncryption
    R3  188 days remaining  2048 bit  sha256WithRSAEncryption
    DST Root CA X3 (Certificate is self-signed.)  189 days remaining  2048 bit  sha1WithRSAEncryption
    Subject
    Common Name (CN) mxxxr.dxxxxxxa.es
    Alternative Names mxxxxr.dxxxxxxa.es
and for the control panel (same name server) on 8080: from Sun, 31 Jan 2021 06:45:08 GMT To Sat, 01 May 2021 06:45:08 GMT. How is that possible?
Because you decide which cert to use in the configuration of your mail/web server. So the webserver on port 8080 can use a whole different certificate than the mailserver. Did you let the installer symlink the certificate for postfix?
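A way to see which certificate each service actually presents, as an added example that is not part of the original thread: it verifies the certificate on the panel port and on SMTP after STARTTLS and reports the common name, expiry date and days left, or the verification error a mail client would show. The host `mail.example.org`, SMTP port 25 and the function names are assumptions for illustration.

```python
import smtplib
import socket
import ssl
import sys
from datetime import datetime, timezone


def days_left(not_after, now=None):
    """Whole days until an OpenSSL-style notAfter string; negative once expired."""
    now = now or datetime.now(timezone.utc)
    return int((ssl.cert_time_to_seconds(not_after) - now.timestamp()) // 86400)


def summarize(cert, now=None):
    """Reduce a getpeercert() dict to the fields compared in the thread."""
    cn = next((v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"), None)
    return {"cn": cn, "not_after": cert["notAfter"],
            "days_left": days_left(cert["notAfter"], now)}


def probe(host, port, smtp_starttls=False, timeout=10):
    """Fetch and verify the certificate that one service presents."""
    ctx = ssl.create_default_context()  # checks chain, hostname and validity dates
    try:
        if smtp_starttls:
            with smtplib.SMTP(host, port, timeout=timeout) as smtp:
                smtp.starttls(context=ctx)
                return summarize(smtp.sock.getpeercert())
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return summarize(tls.getpeercert())
    except ssl.SSLCertVerificationError as err:
        # The reason a client would give, e.g. "certificate has expired".
        return {"error": err.verify_message}


if __name__ == "__main__":
    # Placeholder host name (assumption); pass the real server name as argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"
    print("panel 8080:", probe(host, 8080))
    print("smtp 25   :", probe(host, 25, smtp_starttls=True))
```

Different results for the two ports on the same host name mean the services are configured with different certificate files.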
No, I use automatic generation of the LE cert for the control panel, mail server and FTP server from the ISPConfig 3.2 update.
Because I did it several months ago, I'm not sure, but I think yes. Anyway, I am going to do it again (/force).
Yes, let it generate a new cert and make sure you answer "y" (maybe the default?) when the installer asks whether to symlink it for Postfix (this will include Dovecot) and Pure-ftpd or not. You can do a force update to the stable release with
Code:
    ispconfig_update.sh --force
You are right, I don't use a DNS server, and in the middle of the script it asks a question about ...; if I press no, the script didn't complete the LE sequence. I never noticed this detail. Now the sequence completes and everything is OK. Thanks again.
Hi again, I updated another server from 3.1.4 (I think) to 3.2.4 w/o problems, but in the middle of the script it says: "Could not issue letsencrypt certificate, falling back to self-signed." The complete output from the script was:
    Operating System: Ubuntu 18.04.5 LTS (Bionic Beaver)
    This application will update ISPConfig 3 on your server.
    Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: no
    Checking ISPConfig database .. OK
    Starting incremental database update.
    Loading SQL patch file: /tmp/update_runner.sh.qCsJy7SAr5/install/sql/incremental/upd_dev_collection.sql
    Reconfigure Permissions in master database? (yes,no) [no]:
    Service 'dns_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]:
    Reconfigure Services? (yes,no,selected) [yes]:
    Configuring Postfix
    Configuring Dovecot
    Configuring Mailman
    Configuring Spamassassin
    Configuring Amavisd
    Configuring Getmail
    Configuring Pureftpd
    Configuring Apache
    Configuring vlogger
    Configuring Apps vhost
    Configuring Jailkit
    Configuring Ubuntu Firewall
    Configuring Database
    Updating ISPConfig
    ISPConfig Port [8080]:
    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    Checking / creating certificate for server.tallerdelaamistad.org
    Using certificate path /etc/letsencrypt/live/server.tXXXXXXXXXXad.org
    Server's public ip(s) (xx.xx.xx.x0, xx.xx.xx0) not found in A/AAAA records for server.tallerdelaamistad.org: 127.0.0.1
    Ignore DNS check and continue to request certificate? (y,n) [n]:
    Could not issue letsencrypt certificate, falling back to self-signed.
    Generating RSA private key, 4096 bit long modulus (2 primes)
    .......................++++
    ............................++++
    e is 65537 (0x010001)
    You are about to be asked to enter information that will be incorporated into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:SP
    State or Province Name (full name) [Some-State]:Málaga
    Locality Name (eg, city) []:NErja
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:TallxxxXXXXd
    Organizational Unit Name (eg, section) []:TDLA
    Common Name (e.g. server FQDN or YOUR name) []:server.tXXXXXXXXXd.org
    Email Address []:dXXXXXXXXXil.com
    Please enter the following 'extra' attributes to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    writing RSA key
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]:
    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]:
    Reconfigure Crontab? (yes,no) [yes]:
    Updating Crontab
    Restarting services ...
    Update finished.
But LE is working properly (I am creating sites with SSL and LE w/o problems). What's up? I did it 3 times (with --force), no difference. Before the last try, I created a site with the server name and LE, with success, but nothing changed in the script. Thanks for helping me.
Please put such output in code tags (In the editor: insert -> code). You have set up your /etc/hosts file incorrectly, or your DNS record was incorrect. Answer "y" when asked "Ignore DNS check and continue to request certificate?" and see what happens when running a force update.
OK, I receive this output
HTML:
    Operating System: Ubuntu 18.04.5 LTS (Bionic Beaver)
    This application will update ISPConfig 3 on your server.
    Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: no
    Checking ISPConfig database .. OK
    Starting incremental database update.
    Loading SQL patch file: /tmp/update_runner.sh.DFyGz04vud/install/sql/incremental/upd_dev_collection.sql
    Reconfigure Permissions in master database? (yes,no) [no]:
    Service 'dns_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]:
    Reconfigure Services? (yes,no,selected) [yes]:
    Configuring Postfix
    Configuring Dovecot
    Configuring Mailman
    Configuring Spamassassin
    Configuring Amavisd
    Configuring Getmail
    Configuring Pureftpd
    Configuring Apache
    Configuring vlogger
    Configuring Apps vhost
    Configuring Jailkit
    Configuring Ubuntu Firewall
    Configuring Database
    Updating ISPConfig
    ISPConfig Port [8080]:
    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    Checking / creating certificate for server.tallerdelaamistad.org
    Using certificate path /etc/letsencrypt/live/server.tallerdelaamistad.org
    Server's public ip(s) (80.59.7.130, 80.59.7.130) not found in A/AAAA records for server.tallerdelaamistad.org: 127.0.0.1
    Ignore DNS check and continue to request certificate? (y,n) [n]: y
    Using apache for certificate validation
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Cert not yet due for renewal
    Keeping the existing certificate
    Issuing certificate seems to have succeeded but /etc/letsencrypt/live/server.tallerdelaamistad.org/cert.pem seems to be missing. Falling back to self-signed.
    genrsa: Can't open "/usr/local/ispconfig/interface/ssl/ispserver.key" for writing, No such file or directory
    Can't open /usr/local/ispconfig/interface/ssl/ispserver.key for reading, No such file or directory
    140391026889152:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('/usr/local/ispconfig/interface/ssl/ispserver.key','r')
    140391026889152:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
    unable to load Private Key
    Can't open /usr/local/ispconfig/interface/ssl/ispserver.key for reading, No such file or directory
    140503651062208:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('/usr/local/ispconfig/interface/ssl/ispserver.key','r')
    140503651062208:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
    unable to load Private Key
    Can't open /usr/local/ispconfig/interface/ssl/ispserver.key for reading, No such file or directory
    140139771433408:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('/usr/local/ispconfig/interface/ssl/ispserver.key','r')
    140139771433408:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
    unable to load Private Key
    PHP Warning: rename(/usr/local/ispconfig/interface/ssl/ispserver.key.insecure,/usr/local/ispconfig/interface/ssl/ispserver.key): No such file or directory in /tmp/update_runner.sh.DFyGz04vud/install/lib/installer_base.lib.php on line 3152
    Reconfigure Crontab? (yes,no) [yes]: no
    Restarting services ...
    Job for apache2.service failed because the control process exited with error code.
    See "systemctl status apache2.service" and "journalctl -xe" for details.
    Update finished.
Can you guide me?
Check the /etc/hosts file on your server as @Th0m mentioned above, seems as if you have server.tallerdelaamistad.org in there with a wrong IP. IP 127.0.0.1 is localhost only, don't use it for your server name.
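The hosts-file check suggested above, as an added example (not ISPConfig's installer code and not from the original thread): it reads hosts-file text and flags entries that map the server name to a loopback or private address instead of the server's public IP. The host name, the addresses and the function names are constructed for illustration.

```python
import ipaddress


def hosts_addresses(hosts_text, fqdn):
    """Addresses a hosts-file text assigns to fqdn (comments and aliases handled)."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fqdn.lower() in (n.lower() for n in fields[1:]):
            found.append(ipaddress.ip_address(fields[0]))
    return found


def classify(hosts_text, fqdn, public_ips):
    """Label each hosts entry for fqdn: ok, loopback, private or mismatch."""
    public = {ipaddress.ip_address(ip) for ip in public_ips}
    result = []
    for addr in hosts_addresses(hosts_text, fqdn):
        if addr in public:
            verdict = "ok"
        elif addr.is_loopback:
            verdict = "loopback"   # 127.0.0.0/8 or ::1: reachable only locally
        elif addr.is_private:
            verdict = "private"    # LAN address, not the public IP
        else:
            verdict = "mismatch"   # some other address than the expected one
        result.append((str(addr), verdict))
    return result


# Constructed sample, not the poster's file; 203.0.113.10 stands in for the public IP.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
127.0.0.1    server.example.org server   # server name on loopback
192.168.1.20 server.example.org          # LAN address
203.0.113.10 server.example.org
"""

if __name__ == "__main__":
    for addr, verdict in classify(SAMPLE_HOSTS, "server.example.org", ["203.0.113.10"]):
        print(f"{addr:15} {verdict}")
```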
Yes, Till, you are right, the host was incorrect. I fixed it (I have 3 servers, and I used a healthy server for reference with the right IP), but I still receive errors
HTML:
    server.tallerdelaamistad.org: 192.168.0.8
    Ignore DNS check and continue to request certificate? (y,n) [n]: y
    Using apache for certificate validation
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Cert not yet due for renewal
    Keeping the existing certificate
    Issuing certificate seems to have succeeded but /etc/letsencrypt/live/server.tallerdelaamistad.org/cert.pem seems to be missing. Falling back to self-signed.
    genrsa: Can't open "/usr/local/ispconfig/interface/ssl/ispserver.key" for writing, No such file or directory
    Can't open /usr/local/ispconfig/interface/ssl/ispserver.key for reading, No such file or directory
    140522793349568:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('/usr/local/ispconfig/interface/ssl/ispserver.key','r')
    140522793349568:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
    unable to load Private Key
    Can't open /usr/local/ispconfig/interface/ssl/ispserver.key for reading, No such file or directory
    140310734647744:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('/usr/local/ispconfig/interface/ssl/ispserver.key','r')
    140310734647744:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
    unable to load Private Key
    Can't open /usr/local/ispconfig/interface/ssl/ispserver.key for reading, No such file or directory
    140120376701376:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('/usr/local/ispconfig/interface/ssl/ispserver.key','r')
    140120376701376:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
    unable to load Private Key
    PHP Warning: rename(/usr/local/ispconfig/interface/ssl/ispserver.key.insecure,/usr/local/ispconfig/interface/ssl/ispserver.key): No such file or directory in /tmp/update_runner.sh.Y20Cz9Yx0O/install/lib/installer_base.lib.php on line 3152
    Reconfigure Crontab? (yes,no) [yes]: no
    Restarting services ...
Some files from the cert seem to be missing. Can I delete/restore/reset/remove this certificate to start again?
Did it, but
HTML:
    root@server:/etc/letsencrypt/live# certbot delete --cert-name server.tallerdelaamistad.org
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    No certificate found with name server.tallerdelaamistad.org (expected /etc/letsencrypt/renewal/server.tallerdelaamistad.org.conf).