Why do letsencrypt certs link to archive and not live directory?

Discussion in 'General' started by mopox, Sep 9, 2017.

  1. mopox

    mopox New Member

    I am using letsencrypt with ISPConfig. Sometimes I have to renew my certs manually, for example in the case of a migration when the SSL domain still isn't connected to the new server.

    But ISPConfig by default links to the ../[..]/etc/letsencrypt/archive/domain... directory instead of /etc/letsencrypt/live/domain..., so ./certbot renew doesn't have any effect unless I change the symlinks.

    What is the reason for that? How can I initiate a dry-run or a wet certificate renewal with certbot or letsencrypt?

    I am using the latest ISPConfig build on Ubuntu 16.04 and nginx. I have root access.

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you run an old ISPConfig version and did not create the LE cert in ISPConfig 3.1.6.
  3. mopox

    mopox New Member

    Yes, I updated the minor version. Though, it had been a clean 3.1. <6 version initially. So will a resync solve the problem?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Deactivate LE in the website, press save, activate it again and press save.
  5. mopox

    mopox New Member

    Mhhhh, I just activated SSL + letsencrypt with a domain that hadn't had Let's Encrypt before and it is still linking to ...archive...

    How to script that rebuild of the SSL links? There are more than 10 domains to do ....

  6. mopox

    mopox New Member

    For debugging:

    [email protected]:~# cd /var/www/domain.de/ssl/
    [email protected]:/var/www/domain.de/ssl# ls -l
    total 12
    lrwxrwxrwx 1 root root 66 Sep 11 14:26 domain.de-le.bundle -> ../../../../../../etc/letsencrypt/archive/domain.de/chain1.pem
    lrwxrwxrwx 1 root root 70 Sep 11 14:26 domain.de-le.crt -> ../../../../../../etc/letsencrypt/archive/domain.de/fullchain1.pem
    lrwxrwxrwx 1 root root 68 Sep 11 14:26 domain.de-le.key -> ../../../../../../etc/letsencrypt/archive/domain.de/privkey1.pem
  7. HSorgYves

    HSorgYves Active Member HowtoForge Supporter

    @till my domains created in 3.1.6 also point to archive.
    Although I have the following:
    /usr/local/ispconfig/server/lib/classes# grep -nr archive * | grep live
    system.inc.php:921: if(strstr($to,'/etc/letsencrypt/archive/')) $to = str_replace('/etc/letsencrypt/archive/','/etc/letsencrypt/live/',$to);
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Thanks. I'll check that.
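
The relinking asked about in this thread could be scripted along the following lines. This is an added example, not code from the thread or from ISPConfig: the function names live_target and relink_ssl are hypothetical, and it assumes certbot's standard layout (live/<name>/<item>.pem pointing at archive/<name>/<item>N.pem) and the /var/www/<domain>/ssl link location shown in the listing above.

```sh
#!/bin/sh
# Added example, not ISPConfig code. Assumes certbot's standard layout, where
# live/<name>/<item>.pem is a symlink to ../../archive/<name>/<item>N.pem.

# Map an archive target (.../archive/<name>/fullchain1.pem) to the live name
# (.../live/<name>/fullchain.pem). Returns 1 for any other path.
live_target() {
    case "$1" in
        */etc/letsencrypt/archive/*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" |
        sed -e 's#/letsencrypt/archive/#/letsencrypt/live/#' \
            -e 's#[0-9][0-9]*\.pem$#.pem#'
}

# Walk <webroot>/*/ssl and report every symlink that targets archive/.
# Dry run unless the second argument is "apply". A link is only re-pointed
# when the live file it would point to actually resolves.
relink_ssl() {
    webroot=$1
    mode=${2:-dry-run}
    for link in "$webroot"/*/ssl/*; do
        [ -L "$link" ] || continue
        old=$(readlink "$link")
        new=$(live_target "$old") || continue
        case "$new" in
            /*) check=$new ;;
            *)  check=$(dirname "$link")/$new ;;
        esac
        if [ ! -e "$check" ]; then
            echo "SKIP  $link: $new does not resolve"
            continue
        fi
        echo "$mode  $link: $old -> $new"
        if [ "$mode" = apply ]; then
            ln -sfn "$new" "$link"
        fi
    done
}

# Hypothetical invocation: ./relink.sh /var/www          (report only)
#                          ./relink.sh /var/www apply    (rewrite the links)
if [ "$#" -gt 0 ]; then
    relink_ssl "$@"
fi
```

Run it without apply first and review the report; links whose live counterpart is missing are left untouched.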
