Removing site does not remove it from certbot

Discussion in 'ISPConfig 3 Priority Support' started by Taleman, Jan 23, 2019.

  1. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I noticed certbot shows errors in /var/log/syslog:
    Code:
    Jan 23 12:18:22 web systemd[1]: Starting Certbot...
    Jan 23 12:18:27 web certbot[9940]: Attempting to renew cert from /etc/letsencrypt/renewal/removedsite.fi.conf produced an unexpected error: F
    ailed authorization procedure. www.removedsite.fi (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Inva
    lid response from http://www.removedsite.fi/.well-known/acme-challenge/BX4nf0DJ-pzeo2d-kbE2kupwvLhhwV_jDK0jZGlaF2o: "<!DOCTYPE html>\n<html i
    d=\"XF\" lang=\"fi-FI\" dir=\"LTR\"\n\tdata-app=\"public\"\n\tdata-template=\"forum_list\"\n\tdata-container-key=\"\"\n\tdata", removedsite.f
    i (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://removedsite.fi/.well-kn
    own/acme-challenge/uxr-4NaB18SFN-F5ltTApf2NlFLg07Qhg7haqiRJry0: "<!DOCTYPE html>\n<html id=\"XF\" lang=\"fi-FI\" dir=\"LTR\"\n\tdata-app=\"p
    ublic\"\n\tdata-template=\"forum_list\"\n\tdata-container-key=\"\"\n\tdata". Skipping.
    This removedsite.fi (name changed) was moved away from this server. I have unticked the Active in website settings. And now I unticked the SSL and Let's Enrypt also.
    This does not remove the site from /etc/letsencrypt/* directories. I think it should, so certbot does not show errors in the logs.
    Can I remove manually all files from letencrypt?
    Code:
    [email protected]:/etc/letsencrypt# find . -name *removedsite*
    ./renewal/removedsite.fi.conf
    ./live/removedsite.fi
    ./archive/removedsite.fi
    
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I agree that we should add an option in ISPConfig server settings so the admin can choose whether he wants to remove an LE cert when the site gets deleted or not. We did not remove certs in the first place as other services might be using them too.

    Yes
     

Share This Page