My LetsEncrypt cert did not autorenew so I tried to manually renew it and in the process now I cannot connect the ISPConfig to reenable the LE option in the web interface. ...This is what I did: disabled LetsEncrypt for the site in: sites/web domain/let's encrypt ssl ...delete the cert (twice) se: https://www.howtoforge.com/community/threads/urgent-renewed-le-cert-is-not-working-on-iphones.87477/ certbot delete --cert-name mail.usnmit.com certbot delete --cert-name mail.usnmit.com now I can't get into the website to reenable LE option!! **how do I completely remove and renew the LE cert?** systemctl status apache2.service gives me: root@mail:/etc/letsencrypt/renewal# systemctl status apache2.service ● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Drop-In: /lib/systemd/system/apache2.service.d └─apache2-systemd.conf Active: failed (Result: exit-code) since Sun 2021-10-17 10:54:26 CDT; 9min ago Process: 29010 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE) Process: 1621 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS) Process: 2568 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE) Main PID: 7200 (code=exited, status=0/SUCCESS) Oct 17 10:54:26 mail.usnmit.com systemd[1]: Starting The Apache HTTP Server... Oct 17 10:54:26 mail.usnmit.com apachectl[2568]: AH00526: Syntax error on line 20 of /etc/apache2/sites-enabled/000-apps.vh Oct 17 10:54:26 mail.usnmit.com apachectl[2568]: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt Oct 17 10:54:26 mail.usnmit.com apachectl[2568]: Action 'start' failed. Oct 17 10:54:26 mail.usnmit.com apachectl[2568]: The Apache error log may have more information. Oct 17 10:54:26 mail.usnmit.com systemd[1]: apache2.service: Control process exited, code=exited status=1 Oct 17 10:54:26 mail.usnmit.com systemd[1]: apache2.service: Failed with result 'exit-code'. Oct 17 10:54:26 mail.usnmit.com systemd[1]: Failed to start The Apache HTTP Server.
seems as if you deleted the certificate for the server hostname, which is used by all kind of services, which fail now due to the missing cert. Never delete a cert when it does not renew, instead, look why it does not renew and then fix the cause of the non-renewal instead. The best option to fix your system is probably to run an ISPConfig update and let the ISPConfig updater create a new ssl cert.
I ran the update but when I try to open the web interface in firefox it says: Secure Connection Failed An error occurred during a connection to mydomain.com:8080. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG in chrome it says: This site can’t provide a secure connection mydomain.com sent an invalid response.
Is the error message different than before you ran update? Did you choose during ispconfig update to create new certificate and force reconfigure services?
The web errors are the same but I get these errors when I run ispconfig_update.sh --force PHP Warning: copy(/usr/local/ispconfig/interface/ssl/ispserver.crt): failed to open stream: No such file or directory in /tmp/update_runner.sh.Ncod1Ml47R/install/lib/installer_base.lib.php on line 3020 PHP Warning: copy(/usr/local/ispconfig/interface/ssl/ispserver.key): failed to open stream: No such file or directory in /tmp/update_runner.sh.Ncod1Ml47R/install/lib/installer_base.lib.php on line 3023 Cert not yet due for renewal Keeping the existing certificate PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.Ncod1Ml47R/install/lib/installer_base.lib.php on line 3117 PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.Ncod1Ml47R/install/lib/installer_base.lib.php on line 3118 Issuing certificate seems to have succeeded but /etc/letsencrypt/live/mail.mydomain.com/cert.pem seems to be missing. Falling back to self-signed. Can't load /home/manager/.rnd into RNG 139754959024576:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/home/manager/.rnd Generating a RSA private key ..........................................................++++ .................++++ writing new private key to '/usr/local/ispconfig/interface/ssl/ispserver.key' req: Can't open "/usr/local/ispconfig/interface/ssl/ispserver.key" for writing, Too many levels of symbolic links Reconfigure Crontab? (yes,no) [yes]:
So you are running ISPConfig despite posting on Linux forum? When you wrote you actually meant you tried to run the upgrade but it fails. Start with this: https://www.howtoforge.com/community/threads/please-read-before-posting.58408/ to see ISPConfig is in reasonable condition. That has also link to LE error FAQ.