Yet another letsencrypt topic

Discussion in 'Installation/Configuration' started by mitja, Feb 23, 2017.

  1. mitja

    mitja New Member

    Hi there! I'm opening this topic, because others went offtopic, or were not resolved.

    I have a problem with ISPCONFIG 3.1.2 and letsencrypt certificates. At version 3, I have created "mod", which was generating letsencrypt configs. After I updated to 3.1.2 I overwritten what I have done.

    Now I have different problems.

    WARNING - Let's Encrypt SSL Cert for: domain.tld could not be issued.

    I've tryed to update from console, but bot overwrites all vhosts and kills apache. I have to remove all domains, manually correct vhosts, so apache can run and rebuild apache vhosts through ispconfig admin interface. And this cant take hours of not sleeping :D

    It is possible, some certs were generated before you were officially supported lestsencrypt. How can I revert this? Interesting is, that many new domains (which certs I never created through console), got the same message.

    Can I somehow force ispconfig to delete all that happened "outside of ispconfig", so it will solely create new vhosts, certs, and it could be enabled through the panel?
     
  2. sjau

    sjau Local Meanie Moderator

    did you also delete all of /etc/letsencrypt or just cleaned the vhosts?
     
  3. mitja

    mitja New Member

    That was the first thing I deleted. Thank god I had a backup, I had to take certs from there, so I could run apache :p
     
  4. sjau

    sjau Local Meanie Moderator

    removing /etc/letsencryt and removing the sites-enabled links except the ISPC one should do it.... then just edit the other vhosts and re-enable them through the ISPC
     
    ahrasis likes this.
  5. mitja

    mitja New Member

    @sjau: tryed that. Letsencrypt stays the same. Worked for domains that worked, and not working for domains that didnt. So this is not a sollution
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    What sjau suggested is the correct solution. Domains that you created before in LE have to be removed completely from LE, the directory to remove them can be different from /etc/letsencrypt/ depending on your setup. If a domain has a manually created LE cert, then this domain is excluded from ispconfig LE ssl, that's why the removal is necessary.
     
    ahrasis likes this.
  7. mitja

    mitja New Member

    Ok will try this at night, when customers wont be harmed :) Will let you know if this worked as it should
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Try it just for one domain, each SSL cert is separate, so just try to wipe out just one cert completely in LE and then try to use ispconfig to recreate it. Use the ispconfig debug mode and also check the LE logfile in case it does not work so we can try to find out what the issue is.
     

Share This Page