I don't know how it happened but after upgrading to 3.3 the cron job 800-letsencrypt_cleanup.inc.php deleted most of my letsencrypt certs so that on the next apache restart the server refused to start due to missing certs. Finding a backup and putting the certs back where they needed to be took me half an hour. Most of the certs were created using certbot directly and then linking the certs rather than in ispconfig. I kind of think that cleanup script should check that sites are not linking to certs before cleaning them up and breaking apache. I haven't figured out where to set $web_config['le_auto_cleanup'] to false in the UI or in the database. Any tips?
Found it: server config / ssl settings Not somewhere I have ever looked before.. I can see why it's useful to cleanup unused certs but it would be nice if that cleanup could do a dry run and not default to on.
In a normal ISPConfig setup you don't create SSL certificates outside of ISPConfig. So if you decided to work around the defaults, things like this can happen.
I agree. This particular ISPConfig setup predates when ISPConfig supported letsencrypt so some of the certs on older sites were setup outside of ISPConfig with a couple of the certs having multiple domains. I mostly posted this here so anybody else that runs into the same issue can figure out what to do about it a bit faster than I did.
