Troubleshooting Letsencrypt that failed to renew

Discussion in 'Installation/Configuration' started by pannet1, Dec 15, 2021.

  1. pannet1

    pannet1 Member

    @ahrasis

    I have a single-server setup with a few websites. I followed the perfect server setup on my Debian 9.13 (stretch) earlier and used your script to set up Letsencrypt. I had many months of trouble-free operation, and my Vultr VPS server runs without any problem. This December my server failed to renew itself through the cron script.
    I understood that your script is deprecated and followed your advice to remove the script and make the subsequent recommended changes. Somewhere in between I got lost and my server is in a state of limbo. I will try to troubleshoot with the FAQ @till has provided. Honestly, I am skeptical because of the state of limbo I mentioned earlier. Can you please help with a step-by-step checklist to find out what is missing and its resolution?

    Feeling lost and helpless

    Edit: I will do the steps mentioned in the FAQ and let you all know when I get stuck.
     
    Last edited: Dec 15, 2021
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Remove all of them manually or use the removal script available at my GitHub account. Then use the ISPConfig update to install a cert to your server.
     
    pannet1 likes this.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    And the certbot version might be outdated (which might be the sole reason for your issue). Recent certbot versions are available via snap only; see the certbot website for instructions to update certbot.
     
    pannet1 likes this.
  4. pannet1

    pannet1 Member

    1) I am a total newbie on this, ahrasis. Can you tell me the path at which I can find these files? As mentioned, I already removed your script. Is this something else you are referring to?
    2) How do I use the ISPConfig update to install a cert?
    I mean, I know how to update Debian packages and how to update ISPConfig using the update script, but not how to update the certificate.
     
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The update script asks about creating certificate. Answer yes to get new.
    Since you run a somewhat old OS, consider installing a new system with Debian 10 or 11 and the latest ISPConfig. Then use the Migration Tool to transfer all your data to the new system. This should get you a fully working setup with no problems with old certbot or other old things.
    https://www.ispconfig.org/add-ons/ispconfig-migration-tool/
     
  6. pannet1

    pannet1 Member

    Hi till,
    greetings
    • removed old certbot
    • installed snap and certbot
    On the certbot website, step 7 says:
    Choose how you'd like to run Certbot
    Either get and install your certificates...
    Run this command to get a certificate and have Certbot edit your apache configuration automatically to serve it, turning on HTTPS access in a single step.

    sudo certbot --apache

    Or, just get a certificate
    If you're feeling more conservative and would like to make the changes to your apache configuration by hand, run this command.

    sudo certbot certonly --apache

    Which one should I choose, please?
     
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Neither of those, never use the certbot command manually, but let ISPConfig handle it instead by enabling the Let's Encrypt checkbox for the site.
     
    pannet1 likes this.
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    That's perfect, the other steps must be left out as ispconfig is handling the cert creation and update process. What you can try now (if you have not removed the script from ahrasis yet) is to run:

    certbot renew

    to see if you get a new cert now. You will have to restart apache afterwards. But try this only if you have not done other steps than updating certbot yet.
     
  9. pannet1

    pannet1 Member

    Thanks, I will try to uncheck it and check it back again in the ISPConfig panel. I am worried that I might have deleted the certificate files and directories extensively by hand already. So how do I verify that everything is working in order, so that I can worry about renewals later?
     
  10. pannet1

    pannet1 Member

    Afraid I have removed his script using the removal tool from GitHub.
    :-(
     
  11. pannet1

    pannet1 Member

    Hi Taleman, how are you? Great to read your solutions after a long time. Sounds like a good plan. I have only 3 small websites besides my pet projects. Unfortunately, I cannot even afford to buy the migration tool with the revenue I am making. However, I will be glad to make small donations to the ISPConfig team when the opportunity presents itself.
     
  12. pannet1

    pannet1 Member

    GOOD NEWS.

    certbot renew worked. All websites got renewed except the latest one. Error response during renewal given below.

    Thank you so much, all of you amazing guys. Solved in half an hour. Meanwhile, can you please advise how to fix the failing website? Also, I have a lot of repeats of the same site in the success message with suffix -0001, -0002, 0003 and so on.
     
  13. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  14. till

    till Super Moderator Staff Member ISPConfig Developer

    For the failing website, you can try to untick let's encrypt checkbox in ispconfig in website settings of that particular site, press save, enable the checkbox again and press save.
     
  15. pannet1

    pannet1 Member

    Some time ago, I read this trick from you. Even though the renewals showed success, they did not actually reflect in the website till I toggled them on and off in the control panel. However, this trick did not work for the failing website. Also, the website is a little bit screwed up. Can't say whether it's because of Letsencrypt or it was like that before itself.

    Please allow some time to check and get back to you. Thank you, all of you wonderful guys, and particularly you, till. My advance wishes for a fantastic new year ahead.
     
  16. pannet1

    pannet1 Member

  17. pannet1

    pannet1 Member

    The website that was failing had expired this month and I failed to notice it. Sorry for not checking it out before posting here. My sincere apologies.
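
Added example, not part of any post in this thread: post 9 asks how to verify the certificates after files were deleted by hand, and post 12 reports lineages with -0001, -0002 suffixes. This read-only POSIX shell sketch lists each certbot lineage with its expiry status and flags numbered duplicates. The default path /etc/letsencrypt/live is certbot's standard location; the function name lineage_report and the 30-day threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit certbot lineage directories.
# Reads only; it never deletes or renews anything.

# Print "<lineage> <status> <note>" for every lineage under LIVE_DIR.
#   status: ok           cert.pem is valid for more than WARN_DAYS days
#           expiring     expired, expiring within WARN_DAYS, or unreadable
#           missing-cert cert.pem is absent or a dangling symlink
#   note:   duplicate-of=<base> for numbered copies (-0001, -0002, ...), else -
# Arguments: LIVE_DIR (default /etc/letsencrypt/live), WARN_DAYS (default 30,
# an assumed threshold). The ( ) body keeps all variables local to the call.
lineage_report() (
    live_dir="${1:-/etc/letsencrypt/live}"
    warn_days="${2:-30}"
    for dir in "$live_dir"/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        name="$(basename "$dir")"
        cert="${dir}cert.pem"
        # -e follows symlinks, so a live/ link whose archive/ target was
        # removed by hand is reported as missing-cert.
        if [ ! -e "$cert" ]; then
            status="missing-cert"
        elif openssl x509 -checkend "$((warn_days * 86400))" -noout \
                 -in "$cert" >/dev/null 2>&1; then
            status="ok"
        else
            status="expiring"
        fi
        # certbot names an extra lineage for the same name with a
        # four-digit suffix, which is what post 12 describes.
        case "$name" in
            ?*-[0-9][0-9][0-9][0-9]) note="duplicate-of=${name%-????}" ;;
            *) note="-" ;;
        esac
        printf '%s %s %s\n' "$name" "$status" "$note"
    done
)

# Run only when a directory is given, e.g.: sh audit.sh /etc/letsencrypt/live
if [ "$#" -gt 0 ]; then
    lineage_report "$@"
fi
```

Run it as root, since the live directory is normally not readable by other users; `audit.sh` is a placeholder file name.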

     
