Some serious problems with Let's Encrypt in ISPC3

Discussion in 'General' started by Nicram, Jun 12, 2019.

  1. Nicram

    Nicram Member HowtoForge Supporter

    Hello
    It is not the first time I have had problems with LE3 with ISPC. I already had some problems where I had to restart Apache by hand so that some vhosts with a different PHP version started to work (but since I do not host many sites, I just accepted that and didn't have time to debug it more).
    Today I changed the domain name for one of the websites.
    That website already had some other domain aliases (not redirects), and one redirect from domain.com to www.domain.com (the redirect was made as a different site with the name domain.com, with the redirect added inside options).
    After changing the name, it used the old domain name's certificate (it didn't change itself to the new one). But after changing the domain name, I made a new website with the old domain name (and added a redirect to the new domain). But it still used the wrong/old SSL cert. So I completely deleted the site/vhost with the old name.
    Then I got back to www.newdomain.com and unchecked SSL and LE. Waited. Then enabled them again and...
    Now it loads the wrong certificate, used by one of the aliases! It is horror :)
    This is the result of currently used certs configured by ISPC3:
    Code:
    # cd /var/www/newdomain.com/ssl
    # ls -la
    total 92
    drwxr-xr-x  2 root  root     4096 Jun 12 14:45 .
    drwxr-xr-x 11 web64 client15 4096 Jan 26 16:42 ..
    lrwxrwxrwx  1 root  root       62 Jun 12 14:45 newdomain.com-le.bundle -> /etc/letsencrypt/live/www.aliasdomain2.com-0001/chain.pem
    lrwxrwxrwx  1 root  root       61 Jun 12 14:45 newdomain.com-le.crt -> /etc/letsencrypt/live/www.aliasdomain2.com-0001/cert.pem
    lrwxrwxrwx  1 root  root       64 Jun 12 14:45 newdomain.com-le.key -> /etc/letsencrypt/live/www.aliasdomain2.com-0001/privkey.pem
    lrwxrwxrwx  1 root  root       54 Jan 26 03:31 aliasdomain1.com-le.bundle -> /etc/letsencrypt/live/aliasdomain1.com/chain.pem
    lrwxrwxrwx  1 root  root       53 Jan 26 03:31 aliasdomain1.com-le.crt -> /etc/letsencrypt/live/aliasdomain1.com/cert.pem
    lrwxrwxrwx  1 root  root       56 Jan 26 03:31 aliasdomain1.com-le.key -> /etc/letsencrypt/live/aliasdomain1.com/privkey.pem
    lrwxrwxrwx  1 root  root       62 Jun 12 14:41 www.newdomain.com-le.bundle -> /etc/letsencrypt/live/www.aliasdomain2.com-0001/chain.pem
    -r--------  1 root  root     1647 Jun 12 14:30 www.newdomain.com-le.bundle.old.20190612143003
    -r--------  1 root  root     1647 Jun 12 14:35 www.newdomain.com-le.bundle.old.20190612143516
    -r--------  1 root  root     1647 Jun 12 14:41 www.newdomain.com-le.bundle.old.20190612144104
    lrwxrwxrwx  1 root  root       61 Jun 12 14:41 www.newdomain.com-le.crt -> /etc/letsencrypt/live/www.aliasdomain2.com-0001/cert.pem
    -r--------  1 root  root     2350 Jun 12 14:30 www.newdomain.com-le.crt.old.20190612143003
    -r--------  1 root  root     2350 Jun 12 14:35 www.newdomain.com-le.crt.old.20190612143516
    -r--------  1 root  root     2313 Jun 12 14:41 www.newdomain.com-le.crt.old.20190612144104
    lrwxrwxrwx  1 root  root       64 Jun 12 14:41 www.newdomain.com-le.key -> /etc/letsencrypt/live/www.aliasdomain2.com-0001/privkey.pem
    -r--------  1 root  root     3272 Jun 12 14:30 www.newdomain.com-le.key.old.20190612143003
    -r--------  1 root  root     3272 Jun 12 14:35 www.newdomain.com-le.key.old.20190612143516
    -r--------  1 root  root     3272 Jun 12 14:41 www.newdomain.com-le.key.old.20190612144104
    lrwxrwxrwx  1 root  root       57 Apr 15 15:52 www.aliasdomain2.com-le.bundle -> /etc/letsencrypt/live/www.aliasdomain2.com/chain.pem
    -r--------  1 root  root     1647 Apr 15 15:50 www.aliasdomain2.com-le.bundle.old.20190415155017
    -r--------  1 root  root     1647 Apr 15 15:52 www.aliasdomain2.com-le.bundle.old.20190415155219
    lrwxrwxrwx  1 root  root       56 Apr 15 15:52 www.aliasdomain2.com-le.crt -> /etc/letsencrypt/live/www.aliasdomain2.com/cert.pem
    -r--------  1 root  root     2313 Apr 15 15:50 www.aliasdomain2.com-le.crt.old.20190415155017
    -r--------  1 root  root     2386 Apr 15 15:52 www.aliasdomain2.com-le.crt.old.20190415155219
    lrwxrwxrwx  1 root  root       59 Apr 15 15:52 www.aliasdomain2.com-le.key -> /etc/letsencrypt/live/www.aliasdomain2.com/privkey.pem
    -r--------  1 root  root     3272 Apr 15 15:50 www.aliasdomain2.com-le.key.old.20190415155017
    -r--------  1 root  root     3272 Apr 15 15:52 www.aliasdomain2.com-le.key.old.20190415155219
    
    Inside /etc/httpd/conf/sites-enabled/100-newdomain.com.vhost there is:
    SSLCertificateFile /var/www/clients/clientXX/webXX/ssl/newdomain.com-le.crt
    SSLCertificateKeyFile /var/www/clients/clientXX/webXX/ssl/newdomain.com-le.key
    SSLCertificateChainFile /var/www/clients/clientXX/webXX/ssl/newdomain.com-le.bundle

    When I ignore the wrong SSL in the browser, it loads the correct website.
    I will try to remove all those aliases and see how it performs then.

    EDIT: After removing all aliases, it generated the correct SSLs.
     
    Last edited: Jun 12, 2019
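
A check for the symptom shown in the listing above, added here as an example and not part of the original post or of ISPConfig: it walks a site's `ssl` directory and flags every `<domain>-le.crt` symlink whose target Let's Encrypt lineage directory does not correspond to `<domain>`. The function names and the matching heuristic (lineage equals the domain or its www variant, with or without certbot's numeric `-0001` style suffix) are assumptions made for this example.

```bash
#!/bin/sh
# Added example (not ISPConfig code): detect "<domain>-le.crt" symlinks that
# point into a Let's Encrypt lineage belonging to a different name.

# lineage_matches DOMAIN LINEAGE
# Returns 0 when LINEAGE is DOMAIN or its www/non-www variant, ignoring the
# four-digit suffix certbot appends to duplicate lineages (e.g. "-0001").
lineage_matches() {
    local domain lineage base
    domain=$1
    lineage=$2
    base=${lineage%-[0-9][0-9][0-9][0-9]}
    [ "$base" = "$domain" ] || [ "$base" = "www.$domain" ] || [ "www.$base" = "$domain" ]
}

# audit_ssl_dir DIR
# Prints one "MISMATCH <link> -> lineage <name>" line per suspicious symlink.
# Only symlinks are inspected; the "*.old.<timestamp>" backups are skipped
# because they do not match the "*-le.crt" pattern.
audit_ssl_dir() {
    local dir link name domain target lineage
    dir=$1
    for link in "$dir"/*-le.crt; do
        [ -L "$link" ] || continue
        name=${link##*/}            # e.g. newdomain.com-le.crt
        domain=${name%-le.crt}      # e.g. newdomain.com
        target=$(readlink "$link")  # e.g. /etc/letsencrypt/live/<lineage>/cert.pem
        lineage=${target%/*}
        lineage=${lineage##*/}
        if ! lineage_matches "$domain" "$lineage"; then
            printf 'MISMATCH %s -> lineage %s\n' "$name" "$lineage"
        fi
    done
}

# Stand-alone use: pass the site's ssl directory as the first argument.
if [ "$#" -gt 0 ]; then
    audit_ssl_dir "$1"
fi
```

A flagged link is only a hint, since a lineage name need not equal every name on the certificate; confirm by reading the certificate's subjectAltName list before re-issuing.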
