Create Lets Encrypt SSL Certs via Certbot DNS Validation in Acme v02

Discussion in 'Tips/Tricks/Mods' started by ahrasis, May 6, 2018.

  1. ahrasis

    ahrasis Well-Known Member

    As I said you may want to try git-stable version or you can manually edit the renewal file for each websites but the former actually contains workaround for LE via webroot (so I haven't tried it for dns-challenge) while the later is a lot more works compared to custom vhost config which you only need to have just one master for all.
    cbj4074 likes this.
  2. cbj4074

    cbj4074 Member

    Thanks for your continued replies @ahrasis .

    Hmm, maybe you're right, and a custom vhost config is the simplest solution.

    If I go down that road, what, exactly, would I need to customize?

    It looks as though ISPConfig creates symlinks in each website's "ssl" directory, whereas when ISPConfig is not used to manage the Let's Encrypt certificates, I would need to modify the custom vhost config to point to "/etc/letsencrypt/live/domain.tld...", correct?

    Of course, I would also want to ensure that the LE files actually exist for a given domain before enabling them, or NGINX won't reload/restart.

    Have you tried to do this before?
  3. cbj4074

    cbj4074 Member

    Ahhh! Upgrading to git-stable "just fixed it"! Thank you for that suggestion! Seems like it was indeed some type of bug. And now, I see all types of useful information regarding LE operations in the System Log with Debug-level logging.

    Brilliant! I think everything is working to the extent that I need now!
    ahrasis likes this.
  4. ahrasis

    ahrasis Well-Known Member

    Congratulations. I will take note on this as I will attempt some changes on my ISPConfig test server.

    I did this actually and it works fine. Since dns-challenge is done manually, I will only add the website after LE certs via dns-challenge for it are issued.

Share This Page