In a multiserver setup I've got a problem with acme.sh not even attempting to run on my email server (mx1.example.com). Basically it was working fine until I added an alias domain "mail.example.com" for my main domain "mx1.example.com". For some reason acme wouldn't run at all in order to issue a multi-domain cert (log for today is empty, after multiple retries, I don't get any email notifications either). I tried turning letsencrypt off and on for mx1.example.com but nothing changes. I then manually deleted ssl folder contents from /var/www/clients/client0/web3/ssl/ and mx1.example.com folder from /root/.acme.sh, then proceeded to turn it off and on again. No change. Basically nothing happens. Last time acme successfully renewed was 12.1.2024.
Please follow the Let's Encrypt error FAQ: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ Or shall I say, in keeping with your chosen title, "yet another user that did not use forum search nor read the Let's Encrypt error FAQ"?
Guilty as charged. However unless I turned my email server back to a "web server" under server services it simply wouldn't run any config related to vhost or letsencrypt. I will say debug mode did help me to eventually come to this conclusion as not much else made sense anymore. For example these debug messages never came up until I ticked the web server option:
29.12.2024-22:23 - DEBUG [letsencrypt.inc:393] - Verified domain mx1.example.com should be reachable for letsencrypt.
29.12.2024-22:23 - DEBUG [letsencrypt.inc:393] - Verified domain mail.example.com should be reachable for letsencrypt.
29.12.2024-22:23 - DEBUG [letsencrypt.inc:393] - Verified domain mail2.example.com should be reachable for letsencrypt.
29.12.2024-22:23 - DEBUG [letsencrypt.inc:393] - Verified domain mail3.example.com should be reachable for letsencrypt.
29.12.2024-22:24 - DEBUG [apache2 plugin.inc:1441] - Add server alias: mail.example.com
29.12.2024-22:24 - DEBUG [apache2 plugin.inc:1441] - Add server alias: mail2.example.com
29.12.2024-22:24 - DEBUG [apache2 plugin.inc:1441] - Add server alias: mail3.example.com
29.12.2024-22:24 - DEBUG [apache2 plugin.inc:1831] - Enable SSL for: mx1.example.com
It is now working as it should. Thanks.
The SSL cert of the email system in ISPConfig is the main server certificate, which is not created through a website and, therefore, does not need the web server module. If you used a website to create a certificate, which you then manually linked to the mail system, you can't turn the web module off, as it is used to generate and renew the SSL cert on your manual setup.
Yeah, that's exactly what I've done. I find adding alias domains is a very neat method of adding additional CNs to existing mail certificate. Some customers want to type in their own email server as smtp and pop3/imap on an SSL connection. Without ticking the web server box renewals will work, issuing new certs won't, however.