Hi. I run ispconfig_update.sh, choose create SSL certs, and get these warnings: I am not sure what is the best fix for these or whether they should be fixed as they are just warnings but generally looking at it, I guess the code should check whether the file is not linked before running the symlink command for each line. I think the relevant part is: Code: if($ret == 0) { // certbot returns with 0 on issue for already existing certificate $acme_cert_dir = '/etc/letsencrypt/live/' . $hostname; symlink($acme_cert_dir . '/fullchain.pem', $ssl_crt_file); symlink($acme_cert_dir . '/privkey.pem', $ssl_key_file);
@ahrasis, how were the certificate files in /usr/local/ispconfig/interface/ssl/ created on your system? With certbot, those should only be symlinks, not actual files, though you sometimes/frequently have customizations which might explain that. In that other issue the certificate files were 2 years old, my guess is maybe they were self-signed certs, not letsencrypt, so the expiry went unnoticed - if so, that's an less common case, using self-signed (or very expired) certs in production, even though a certificate for the server name was already created.
The LE SSL certificates for the server are there already, that are dns-challenge wildcard certificates. I opted to create new ISPConfig SSL nonetheless to see what are the effects should one already has them In theory, if the certificates are more than 60 days, such option will renew them, and if less, it will state that certs are not due for renewal, which is what partly happened. The warnings do not cause any problem to me though.
