renew mail certificate?

Discussion in 'Installation/Configuration' started by willoriker, Mar 18, 2021.

  1. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Apache/nginx will stop working, so don't do that. What is the content of /etc/letsencrypt/renewal?
    ls -la /etc/letsencrypt/renewal
  2. willoriker

    willoriker Member

    finnaly i fixed, i check /etc/letsencrypt/live, and i found several occurrecnce of directory with FDQN, but with sufix 001,002, but no fdqn alone. i copy one of this with te name of FDQN, an voila!, installation script work perfect,. i test contro panel , and email and ftp with active LE cert.
    TX a lots
  3. willoriker

    willoriker Member

    sorry, but i am here again, i have problems with my first server ( this discussion was about 2 diferent server). i have problems again with emila server certificate. the funny thing is , now i dont receive error for script, but when i use thunderbird o others, or if i check cert in website, i get "self signed cert".
    Updating ISPConfig
    ISPConfig Port [8080]:
    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    Checking / creating certificate for
    Using certificate path /etc/letsencrypt/live/
    Server's public ip(s) (, not found in A/AAAA records for
    Ignore DNS check and continue to request certificate? (y,n) [n]: y
    Using apache for certificate validation
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Cert not yet due for renewal
    Keeping the existing certificate
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y
    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: y
    Reconfigure Crontab? (yes,no) [yes]:
    Updating Crontab
    Restarting services ...
    Update finished.
    [email protected]:~#
    whats is the problem?
    tx in advance
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Last edited: Apr 27, 2021
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Seems like there was a A / AAAA record warning and then, there were existing LE certs.

    Most probably you got multiple certs with suffix instead of just FQDN like you mentioned earlier.

    By the way, from what I understand you fixed it manually last time by copying instead of deleting them all and issue a new request for the server FQDN.

    So in my view, that were the problems, but of course following the FAQ as suggested will tell you more.
  6. willoriker

    willoriker Member

    tx, taleman, the answer is yes and no, but i understand your comment, but i have a answer, when isp refer to dns record, refer to my domain dealer dns record or my ISp dns server?. because i dont use my ISP dns server, and i check my domains dns record and they are ok!. i see these line and i never understand them.
    Last edited: Apr 28, 2021
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    ISPConfig uses the server's resolver, so whatever your server is set to use (usually check /etc/resolv.conf to see what that is).
  8. willoriker

    willoriker Member

    my /etc/resolv.conf says
    options edns0
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Try using a open DNS resolve like /
  10. willoriker

    willoriker Member

    yes, i set this dns a long time ago
     systemd-resolve --status
              DNSSEC NTA:
    Link 2 (enp1s0)
          Current Scopes: DNS
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
             DNS Servers:
  11. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Are you connecting to in Thunderbird?

Share This Page