ISPCONFIG showing nonexisting certificates

Discussion in 'Server Operation' started by Tomislav Aurednik, Dec 2, 2020.

  1. Tomislav Aurednik

    Tomislav Aurednik Member HowtoForge Supporter

    Sites -> Domain -> SSL -> SSL OFF
    Sites -> Doiman -> SSL -> SSL Action -> Delete certificate
    but
    - certificates still exist in /var/www/site/ssl
    - SSL KEY and SSL Bundle are still populated

    SSH, navigate to SSL folder, delete all files. so /var/www/site/ssl folder is empty
    Restart Apache, restart browser.
    But for this site there are SSL KEY and SSL Bundle are still populated...

    upload_2020-12-2_9-45-31.png

    Any idea where is this data coming from ? ISPCONFIG version 3.1.15.p2

    The problem originates from inability to enter new (renewed) certificates. In the meantime I enabled Let's Encrypt, which is working normally. But these two fields are stil populated...

    Any idea is appreciated.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    These are in the ISPConfig database and shall stay populated. if you want to replace SSL certs, copy the new SSL cert into the SSL fields and choose 'save certificate' in the actions field and press save. See also ISPConfig manual, the procedure is described there. Apache reads the SSL certs from the files in the SSL folder of the website and when you choose to delete the certs by using delete certificate option on SSL tab of the site, then ispconfig removes the SSL certs from SSL folder.
     
  3. nhybgtvfr

    nhybgtvfr Active Member

    if you've unchecked the ssl option in the website's domain tab, then the port 443 virtualhost configuration is removed from the sites vhost file, and no certificate is applied. any files left in the ssl folder are unused, and any information in the ssl tab is not applied.
    the information is kept there so that you can re-create or re-apply the certificate at a later date.

    the information in the ispconfig ssl tab is the existing manually entered certificate information for an externally purchased certificate.
    if you are renewing this certificate, you can leave the ssl key and ssl request information as it is, and replace any information in ssl certificate and ssl bundle with the new information for the renewed certificate sent to you by the certificate provider, then select 'save certificate' from the dropdown and click the save button.

    if you enable a letsencrypt certificate, then you'll notice that that symlinks are created, with '-le' in the filename, right before the suffix, and these symlinks point to the actual certificate files in the letsencrypt folders.
    again, the vhost configuration file is changed, with the certificate information changed to match the letsencrypt paths/names.
    any existing pre-purchased certificate files are no longer used, but still available, and the information for them is still in the websites SSL tab, but again, this information is no longer actually used.
     
  4. Tomislav Aurednik

    Tomislav Aurednik Member HowtoForge Supporter

    This is understandible, but forgot to mention one thing : despite selecting option "Delete cerfiticates" nothing was deleted from SSL folder. I removed them manually. Checked file privileges, exactly the same as in working website.

    Obviously there's some issue with certificate itself, will investigate further.
     

Share This Page