Ispconfig uses wrong le3 cert

Discussion in 'General' started by George Girgolas, Jun 26, 2019.

  1. George Girgolas

    George Girgolas New Member

    Accidentally the files in /etc/letsencrypt/domain.com where deleted.
    Also the files in crs folder.
    I managed to restore them from my daily backup,but now when I hit
    Https://domain.com, I get cert error. In fact it is using the cert from another domain that is also hosted on the same server!!
    How can I tell ispconfig to use the right cert?
     
  2. ahrasis

    ahrasis Well-Known Member

    Did you restart your web server?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you get the wrong ssl cert but the right website is shown after accepting the error or do you the wrong website (you enter a.com in the browser and get ssl cert and content of b.com)? If you get the ssl cert and content of b.com, then a.com has no ssl enabled. check a.com again if SSL and let's encrypt checkboxes stay ticked 1-2 minutes after you activated them.
     
  4. George Girgolas

    George Girgolas New Member

    Letsencrypt checkboxes stay ticket!. The right website is shown when I accept the error. Letsencrypt log shows that too many requests for certificate for the same domain has been made, so only after 7 days the will issue a new one.

    But I have the files after the backup, meaning I have the cert. How can I tell ispconfig to use it????
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Untick the sll and le checkbox, save, enable it again. Before you do that, ensure to update to ispconfig git-stable branch with ispconfig_update.sh command.
     
  6. ahrasis

    ahrasis Well-Known Member

    You cannot issue new certs for now, so try to check the links in your website ssl folder then. To which LE folder its certs redirect to. It could already has multiple folders, so you'll need to fix their links.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig will reuse existing SSL certs automatically when it contains the right domain names, there should be no need to alter any symlinks on the shell then, see post #5 for the procedure.
     

Share This Page