ISPConfig 3.2, Apache and LetsEncrypt

Discussion in 'Installation/Configuration' started by Taxi, Dec 10, 2020.

  1. Taxi

    Taxi Member

    Dear Community,
    I'm running Debian Testing with PHP 7.4.11.
    I have Problems with SSL and LetsEncrypt. When I check the Let's Encrypt button in the configuration of a website in ISPConfig, then the certificate is generated only in the /root/.acme.sh/ directory, but not in the /etc/letsencrypt/ssl/live/ directory.
    When I'm running certbot from the command line and choose a website, then the certificate is created in /etc/letsencrypt/live/ directory.
    Any ideas on this behavior?
    Many thanks
    Christian
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Firstly, I think default LE client is acme.sh in ISPConfig 3.2 i.e. if you don't have official LE client installed (i.e. either certbot, certbot-auto or letsencrypt).

    Secondly, though its code will choose acme.sh over certbot, you should not have two or more LE clients installed nor should you use to obtain LE SSL certs via cli.

    The behaviour you mentioned is exactly what will happen should you mix two or more LE clients in your server and use one of them to issue LE SSL certs from the terminal.

    What you should do is have ony one LE client installed, do not use cli to obtain LE SSL certs unless you know what you are doing and follow LE FAQ to troubleshoot if you have problems with LE.
     
    Jesse Norell likes this.
  3. BartelBe

    BartelBe New Member HowtoForge Supporter

  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I don't think your problem is the same as in the opening post, so next time note that the best is to open a new thread, by following the guide on how to open one.

    The said tutorial is no longer relevant to 3.2 and though I wrote it, I would advise against using it from ISPConfig 3.2 further on, unless you really really know what you are doing.

    Using certbot or acme.sh, my personal advise is to undo all that you did following that tutorial and use ISPConfig 3.2 force update to install the certs automatically.
     

Share This Page