Hello HTF Friends,

Setup: Multi-server
OS: Ubuntu 18.0.4
Server type: Nginx/1.18.0
Database: MySQL

After updating to 3.2.4, issuing certs to websites no longer works. Every time I try to renew a cert I get the below error:

retg.server1.com - 01.07.2021-22:43 - WARNING - R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue -d website.com -d www.website.com -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then /root/.acme.sh/acme.sh --install-cert -d website.com -d www.website.com --key-file '/var/www/clients/client29/web189/ssl/website.com-le.key' --fullchain-file '/var/www/clients/client29/web189/ssl/website.com-le.crt' --reloadcmd 'systemctl force-reload nginx.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C ; fi

Code:
retg.server1.com - 01.07.2021-22:43 - WARNING - Let's Encrypt SSL Cert for: website.com could not be issued.

It seems that it's trying to renew the certs via acme.sh, but my current certs are in the /etc/letsencrypt/live/ format from certbot. If I manually renew with certbot, it works, but via the control panel checkbox it fails. I had to reinstall certbot because my certbot-auto which was installed is missing or no longer supported. Anyone have any ideas why auto-renewal is failing?
You should only have and use either acme.sh or certbot, but never use both on the same server. What is your original Let's Encrypt client? Stick to that, reinstall it if necessary and remove the other LE client folder and script totally.
As @ahrasis mentioned, never install certbot and acme.sh together. To fix your issue, remove the acme.sh installation by removing the folder /root/.acme.sh/. SSL certs that you created with acme.sh will fail to renew though, and you will have to reissue them using certbot then.
Actually, I never installed or knew about acme.sh, so I'm not sure where it even came from. After upgrading to 3.2.4, all of my servers started using acme.sh to issue certs, including the control panel.
Strange thing is "/root/.acme.sh/" doesn't even exist on my servers, so I don't understand why it defaults to acme.sh.
ISPConfig downloads and installs acme.sh when certbot is not installed. Maybe you or someone else tried to issue a LE cert while you reinstalled certbot.

That's quite strange, I did not see this behaviour on any system. Maybe something is wrong with your certbot installs so that ISPConfig could not find certbot anymore? Please post the result of these two commands:

Code:
which certbot /root/.local/share/letsencrypt/bin/letsencrypt /opt/eff.org/certbot/venv/bin/certbot letsencrypt
which /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh

that ISPConfig uses to find installed certbot and acme.sh.
My error. Looks like they do exist, I was just using the wrong command. So I would just have to delete the acme folders, right? Although I read through the forums that it's not recommended. If I wanted to use acme.sh instead of certbot, I would need to delete the letsencrypt folders and reissue all the certs?
Yes, if you have not issued any certs yet using acme.sh. If you have issued certs, then these will expire sooner or later and not be renewed.

It's not recommended to switch from acme.sh to certbot or from certbot to acme.sh, as there is no path to migrate certs and websites will start to fail if you do so.

Yes. Plus clean up all SSL folders of the websites and remove the links to the letsencrypt SSL certs.
Thank you @ahrasis and @till. Removing the acme folder definitely solved the issue. No idea how this got installed. I'll have to remove it on all my servers.
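
A check for the conflict diagnosed in this thread, as an added example that is not ISPConfig's own code: it tests the client paths quoted in the `which` commands above and reports whether a site certificate is a link into /etc/letsencrypt/. The function names, the optional prefix argument, and the reading of a plain file as a copy written by `acme.sh --install-cert` are assumptions.

```shell
#!/bin/sh
# Added example (not ISPConfig code). Paths are the ones quoted in the thread.
# The optional PREFIX argument is a hypothetical knob for checking a test tree
# or a mounted image instead of the live filesystem.
# Usage: le_client_state ; cert_source /path/to/ssl/website.com-le.crt
CERTBOT_PATHS="/root/.local/share/letsencrypt/bin/letsencrypt /opt/eff.org/certbot/venv/bin/certbot"
ACME_PATHS="/usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh"

# any_exec PREFIX PATH...: succeed if any PATH under PREFIX is an executable file.
any_exec() {
    _prefix=$1; shift
    for _p in "$@"; do
        [ -f "${_prefix}${_p}" ] && [ -x "${_prefix}${_p}" ] && return 0
    done
    return 1
}

# le_client_state [PREFIX]: print none, certbot, acme.sh or both.
le_client_state() {
    _root=${1:-}; _cb=0; _ac=0
    # Word splitting of the two path lists is intended here.
    if any_exec "$_root" $CERTBOT_PATHS; then _cb=1; fi
    if any_exec "$_root" $ACME_PATHS; then _ac=1; fi
    # On the live system, also honour PATH as `which certbot letsencrypt` does.
    if [ -z "$_root" ]; then
        if command -v certbot >/dev/null 2>&1 ||
           command -v letsencrypt >/dev/null 2>&1; then _cb=1; fi
    fi
    case "$_cb$_ac" in
        11) echo both ;;      # the state that broke renewal in this thread
        10) echo certbot ;;
        01) echo acme.sh ;;
        *)  echo none ;;
    esac
}

# cert_source FILE: print "certbot" for a symlink into /etc/letsencrypt/,
# "copied" for a regular file (assumed to be an acme.sh --install-cert copy),
# "other-link" for any other symlink, "missing" otherwise.
cert_source() {
    if [ -L "$1" ]; then
        case "$(readlink "$1")" in
            */etc/letsencrypt/*) echo certbot ;;
            *) echo other-link ;;
        esac
    elif [ -f "$1" ]; then echo copied
    else echo missing
    fi
}
```

A result of `both` from `le_client_state` is the state to resolve before touching any site; running `cert_source` over each website's `ssl/*-le.crt` then shows which certs would need reissuing after one client is removed.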