no letsencrypt certs for new domain

Discussion in 'ISPConfig 3 Priority Support' started by chico11mbit, Apr 19, 2019.

  1. chico11mbit

    chico11mbit Member HowtoForge Supporter

    Letsencrypt runs on all domains created so far.
    Now I have created a domain and if I check letsencrypt, the check will disappear later.
    If I do certbot renew --dry-run, this domain will show the following warning message in red:

    Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Missing command line flag or config entry for this setting:
    Input the webroot for Skipping.
    Here is the renewal file, created from ispconfig:

    # renew_before_expiry = 30 days
    version = 0.31.0
    archive_dir = /etc/letsencrypt/archive/
    cert = /etc/letsencrypt/live/
    privkey = /etc/letsencrypt/live/
    chain = /etc/letsencrypt/live/
    fullchain = /etc/letsencrypt/live/
    # Options used in the renewal process
    server =
    webroot_path = /usr/local/ispconfig/interface/acme,
    account = cfb4016996f06XXX68a169XXXXXXXXX
    rsa_key_size = 4096
    authenticator = webroot
    I have xxx'ed the account.
    All other domain runs the dryrun flawlessly.
    What can i do? The domain without ssl is working.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    There is a bug in latest certbot releases which causes certbot to not insert the domain names in the renewal config sometimes, there is a workaround implemented in ISPConfig git-stable. Update ISPConfig to git-stable branch with command.
    chico11mbit likes this.

Share This Page