Some Warnings While Updating ISPConfig

Discussion in 'Installation/Configuration' started by ahrasis, Nov 15, 2021.

  1. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Hi. I run ispconfig_update.sh, choose create SSL certs, and get these warnings:
    I am not sure what is the best fix for these or whether they should be fixed as they are just warnings but generally looking at it, I guess the code should check whether the file is not linked before running the symlink command for each line.

    I think the relevant part is:
    Code:
                        if($ret == 0) {
                            // certbot returns with 0 on issue for already existing certificate
                            $acme_cert_dir = '/etc/letsencrypt/live/' . $hostname;
                            symlink($acme_cert_dir . '/fullchain.pem', $ssl_crt_file);
                            symlink($acme_cert_dir . '/privkey.pem', $ssl_key_file);
    
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I think the fix by @Jesse Norell above should work. Thank for the fix.
     
    Jesse Norell likes this.
  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    @ahrasis, how were the certificate files in /usr/local/ispconfig/interface/ssl/ created on your system? With certbot, those should only be symlinks, not actual files, though you sometimes/frequently have customizations which might explain that. In that other issue the certificate files were 2 years old, my guess is maybe they were self-signed certs, not letsencrypt, so the expiry went unnoticed - if so, that's an less common case, using self-signed (or very expired) certs in production, even though a certificate for the server name was already created.
     
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    The LE SSL certificates for the server are there already, that are dns-challenge wildcard certificates.

    I opted to create new ISPConfig SSL nonetheless to see what are the effects should one already has them

    In theory, if the certificates are more than 60 days, such option will renew them, and if less, it will state that certs are not due for renewal, which is what partly happened.

    The warnings do not cause any problem to me though.
     

Share This Page