SSL certificate will need automated renewal

Discussion in 'Server Operation' started by Daniel Rouleau, Mar 11, 2026 at 2:56 PM.

  1. Daniel Rouleau

    Daniel Rouleau New Member HowtoForge Supporter

    Good day
    I don't know if you saw that announcement https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days but I just did a certificate renewal for another server (not ISPConfig) and it is now only good for 200 days, so I will need to manually renew twice this year. I also have multiple websites managed on ISPConfig that use manual certificates that I will need to renew. I don't use Let's Encrypt that much because over time I have found that it lacks reliability and it sometimes bugs during the renewal process, which leaves the site with a bogus certificate that prevents users from visiting it. With the new policy, ISPConfig will need to have the SSL certificate page automated somehow after manual creation, so that certificates in 2027 will have to be renewed on a monthly basis with an ACME tool or other means of automatic renewal.
    In all transparency, this is really bugging me because I rely on manual certificates so I know that automatic renewal won't bug, so I think we will need to have a way to test/alert on Let's Encrypt certificates when there is a renewal bug (so I don't have to wait for a customer to call in to report the bug). And also have an ACME procedure to renew expiring manual certificates, also with alerts when renewal failed (for example when the certificate has not been paid).
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    LE certs renew automatically in ISPConfig, so there are no changes needed for sites that use LE certs. I have never had any LE renewals fail on my systems unless the domains were pointed to different servers and I missed deleting the now unused site. LE is very reliable. You might want to check why renewals sometimes fail on your systems and then find a solution for your specific problem, maybe you have internet connectivity problems or you pointed domains to another server and missed deleting the old site. There are no general issues with LE renewals as far as I know. LE tries to renew over and over again, once every night, so you'll have constant failures over weeks that make your websites unreachable, to cause an expired certificate.

    But adding a job that tests certs regularly and warns if one fails is a good idea imho.
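A certificate check of the kind suggested above, as an added example that is not part of the thread and not ISPConfig code. It inspects the certificate each site actually serves, so it covers Let's Encrypt and manual certificates alike; the function names and the one-third-of-lifetime warning threshold are assumptions chosen so the same job still works when lifetimes drop from 200 to 47 days.

```python
import socket
import ssl
import time

WARN_FRACTION = 1 / 3  # assumption: alert when under a third of the lifetime is left


def classify(not_before, not_after, now, warn_fraction=WARN_FRACTION):
    """Return (status, days_left) from the cert's notBefore/notAfter strings."""
    start = ssl.cert_time_to_seconds(not_before)
    end = ssl.cert_time_to_seconds(not_after)
    days_left = int((end - now) // 86400)
    if now >= end:
        return "EXPIRED", days_left
    # Threshold scales with the lifetime, so short-lived certs are not always "late".
    if end - now < (end - start) * warn_fraction:
        return "RENEWAL_OVERDUE", days_left
    return "OK", days_left


def check_host(host, port=443, timeout=10):
    """Fetch the served certificate with full verification and classify it."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Expired, self-signed or wrong-name certificate: what a visitor would hit.
        return "INVALID", exc.verify_message
    except OSError as exc:
        return "UNREACHABLE", str(exc)
    return classify(cert["notBefore"], cert["notAfter"], time.time())


if __name__ == "__main__":
    import sys
    failed = False
    for name in sys.argv[1:]:  # host names to check, one per argument
        status, detail = check_host(name)
        print(f"{name}: {status} ({detail})")
        failed |= status != "OK"
    sys.exit(1 if failed else 0)  # non-zero exit lets cron or a monitor raise the alert
```

Run nightly with the list of site host names; any status other than OK means the renewal did not happen in time or the served certificate does not validate.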
     
  3. Daniel Rouleau

    Daniel Rouleau New Member HowtoForge Supporter

    Thank you for the quick answer
    I will retry LE, but the new SSL procedure will render the manual SSL pretty much useless; manual renewal every few months is not sustainable. So I think it would be a good idea to have somehow an automatic renewal process available for anyone who would want an alternate certificate source other than Let's Encrypt, for example for domains that would require OV-certified SSL or other SSL types that are not standard LE.
     
