Good day all, While searching around for the file that initiates the installation of an ssl cert I found: /usr/local/ispconfig/server/lib/classes/letsencrypt.inc.php This file allows me to change the behavior of the cert install. Question is... what file initiates the removal of a certificate? I can't seem to find anything that relates to revoking a certificate. Thanks.
Currently, when LE is disabled, the cert is not removed. See https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5226
To remove a certificate, I use rm -rf /etc/letsencrypt/live/{DOMAIN} rm -rf /etc/letsencrypt/renewal/{DOMAIN}.conf rm -rf /etc/letsencrypt/archive/{DOMAIN}
Ahhh, ok, so that would explain why I couldn't find anything. So my next question would be What file is responsible for the removal of the certificate within ispconfig? (ie. removal from apache config, etc...)
When you disabled disable SSL, the vhost is regenerated based on the vhost template. The SSL lines will be left out when it is not enabled.
As @Th0m said. Just a bit more background: If you activate SSL, then the certs in /var/www/clients/clientX/webYY/ssl are used. If you activate LetsEncrypt, the certs are generated and a symlink (certbot) or copy (acme.sh) is created in that webYY/ssl folder. If you deactivate SSL, the config to use is deactivated, but the certs stay where they are. You can remove them manually or overwrite with your new ones
Much thanks for the guidance everyone. I was able to find what I was looking for. It was in the: /usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php file. on line 1338. It is a block of code that controls the ssl columns in the database. I am able to use that to automate my own updates.
