renew mail certificate?

finnaly i fixed, i check /etc/letsencrypt/live, and i found several occurrecnce of directory with FDQN, but with sufix 001,002, but no fdqn alone. i copy one of this with te name of FDQN, an voila!, installation script work perfect,. i test contro panel , and email and ftp with active LE cert.
TX a lots

 

sorry, but i am here again, i have problems with my first server ( this discussion was about 2 diferent server). i have problems again with emila server certificate. the funny thing is , now i dont receive error for script, but when i use thunderbird o others, or if i check cert in ssl-tools.net website, i get "self signed cert".

Code:

Updating ISPConfig
ISPConfig Port [8080]:

Create new ISPConfig SSL certificate (yes,no) [no]: yes

Checking / creating certificate for mnsvr.digiiberica.es
Using certificate path /etc/letsencrypt/live/mnsvr.digiiberica.es
Server's public ip(s) (217.198.207.11, 217.198.207.11) not found in A/AAAA records for mnsvr.digiiberica.es: 192.168.0.8
Ignore DNS check and continue to request certificate? (y,n) [n]: y

Using apache for certificate validation
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
Keeping the existing certificate
Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y

Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: y

Reconfigure Crontab? (yes,no) [yes]:

Updating Crontab
Restarting services ...
Update finished.
root@mnsvr:~#

whats is the problem?
tx in advance

 

Answer from the log you posted:

Code:

Server's public ip(s) (217.198.207.11, 217.198.207.11) not found in A/AAAA records for mnsvr.digiiberica.es: 192.168.0.8

Is this the same problem @Th0m explained in #13?
If that does not help, follow https://www.howtoforge.com/community/threads/please-read-before-posting.58408/

 

Seems like there was a A / AAAA record warning and then, there were existing LE certs.

Most probably you got multiple certs with suffix instead of just FQDN like you mentioned earlier.

By the way, from what I understand you fixed it manually last time by copying instead of deleting them all and issue a new request for the server FQDN.

So in my view, that were the problems, but of course following the FAQ as suggested will tell you more.

 

tx, taleman, the answer is yes and no, but i understand your comment, but i have a answer, when isp refer to dns record, refer to my domain dealer dns record or my ISp dns server?. because i dont use my ISP dns server, and i check my domains dns record and they are ok!. i see these line and i never understand them.

 

my /etc/resolv.conf says

Code:

nameserver 127.0.0.53
options edns0

 

yes, i set this dns a long time ago

Code:

 systemd-resolve --status
Global
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 2 (enp1s0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 8.8.8.8
                      8.8.4.4