Hi guys, i use ubuntu 20.04 and ISPConfig 3.2 i used the ISPConfig migration tool to migrate all accounts to another server as a backup. Can it be possible, that the SSL certificates not renovate automatic after the migration? I have a domain and in ISPConfig i can see the SSL certificate is working. Under domain SSL and letsencript the box is checked and under SSL i can see the certificate, so i wonder why it does not work. How i can check if the certificate is working for that domain? thanks a lot for your kind help.
Yes, this is true. The easy fix is to disable LE manually and re-enable it when the cert expires within 30 days. The renewal only works on the server that your DNS record points to. When there is also a cert shown in the SSL tab, this can conflict with the SSL cert. Disable LE, go to the SSL tab, select "Delete certificate" as SSL action and then save. When this is done, re-enable LE.
thanks a lot it is working. may i ask another question, i have SSL cert on the domain and it works well but on the email when i want to send i get a not secure warning, the domain and the server have a valid ssl certificate. do you have any idea where i can look to make email work without a secure warning? thanks a lot for your help
For email, you check what certificates you have in use (postfix and dovecot), ensure those are correct, then have the client use a hostname that is in the certificate. Code: # postconf smtpd_tls_cert_file smtpd_tls_key_file smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key # grep -E '^ssl_(cert|key)' /etc/dovecot/dovecot.conf ssl_cert = </etc/postfix/smtpd.cert ssl_key = </etc/postfix/smtpd.key # ls -l /etc/postfix/smtpd.{cert,key} lrwxrwxrwx 1 root root 48 Sep 22 14:59 /etc/postfix/smtpd.cert -> /usr/local/ispconfig/interface/ssl/ispserver.crt lrwxrwxrwx 1 root root 48 Sep 22 14:59 /etc/postfix/smtpd.key -> /usr/local/ispconfig/interface/ssl/ispserver.key # ls -l /usr/local/ispconfig/interface/ssl/ispserver.{crt,key} lrwxrwxrwx 1 root root 49 Jan 5 08:20 /usr/local/ispconfig/interface/ssl/ispserver.crt -> /root/.acme.sh/server.hostname.fqdn/fullchain.cer lrwxrwxrwx 1 root root 52 Jan 5 08:19 /usr/local/ispconfig/interface/ssl/ispserver.key -> /root/.acme.sh/server.hostname.fqdn/server.hostname.fqdn.key In my example, using the server's name "server.hostname.fqdn" should work without error, whereas using "mail.clientdomain.tld" would give a certificate error.