Hi Guru's, Looking fro some help / guidance please. ISSUE: I am having an issue securely accessing webmail on one of our slave servers. When I try and access "https://marketing.foo.com:8081/webmail/" I am getting: - Your connection is not private net::ERR_CERT_DATE_INVALID --- BROWSER SSL INFO: Certificate Viewer: marketing.foo.com Validity Period Issued On Wednesday, 15 October 2025 at 11:46:22 Expires On Tuesday, 13 January 2026 at 10:46:21 I do understand that this is an outdated / expired SSL cert for the server --- STEPS TAKEN TO TRY AND RESOLVE ISSUE: Command line on "marketing.foo.com" as 'ROOT': - ispconfig_update.sh and ispconfig_update.sh --force I just get "Certificate exists. Not creating a new one." --- BACKGROUND: Debian 12 - running ISPConfig 3.3.0p3 This is a "live" slave server in a Multi-server setup running Apache This slave servers ISPConfig main domain is "marketing.foo.com" I did setup a "dummy" website "marketing.foo.com" with a holding page which I thought would look visually more appealing! I think the error I have made is very similar to this issue: - https://forum.howtoforge.com/threads/ssl-renewal-failed.94035/ --- POSSIBLE SOLUTION?: I am very mindful that this is a "live" slave server on a "live" multi-server setup. Should I delete the "marketing.foo.com" website and then run (as ROOT) 'ispconfig_update.sh' or 'ispconfig_update.sh --force'? --- Many thanks in advance for any help / advice HTA
First, check if marketing.foo.com website has a valid ssl cert. If that's the case, then please check if your system uses certbot or acme.sh for Let's Encrypt.
Hi Till, thanks as always for your prompt response. Yes, marketing.foo.com website has a valid ssl cert. The certs are stored in subfolder's of /root/.acme.sh/ so I believe that I have acme.sh? Kind regards as always HTA
Yes. I would leave the website as it is, and then replace the ssl cert and key in /usr/local/ispconfig/interface/ssl/ folder with a symlink to the certificate in /root/.acme.sh/ or the copy of the certificate in the ssl folder of the website.
Hi again Till, Thanks. Would this be the correct command line for .key? ln -s /root/.acme.sh/marketing.foo.com_ecc/marketing.foo.com.key /usr/local/ispconfig/interface/ssl/ispserver.key I am a little confused about which file to link for the "cert" file? This is what I have for the source / destination /root/.acme.sh/marketing.foo.com_ecc/ marketing.foo.com.cer marketing.foo.com.csr /usr/local/ispconfig/interface/ssl/ ispserver.crt ispserver.pem What is the combination I need? Thanks in advance for your kind help HTA
The .pem file is the combination of the key plus the certificate. so: marketing.foo.com.cer => ispserver.crt and ispserver.pem is the key + the certificate.
Hi Till, Many thanks for your kind update. TBH, I am still having a struggle getting my head around this! Is the following the correct command / files: - CERTIFICATE - marketing.foo.com.cer => ispserver.crt ln -s /root/.acme.sh/marketing.foo.com_ecc/marketing.foo.com.cer /usr/local/ispconfig/interface/ssl/ispserver.crt KEY - marketing.foo.com.key => ispserver.pem ln -s /root/.acme.sh/marketing.foo.com_ecc/marketing.foo.com.key /usr/local/ispconfig/interface/ssl/ispserver.pem Sorry for being so unsure on this As always Thank You Regards HTA
