Wrong cert file name in nginx vhost config file

Discussion in 'General' started by Roger Levau, Jan 9, 2019.

  1. Roger Levau

    Roger Levau New Member

    Hello

    I just upgraded our ispconfig to version 3.1.3. When enabling ssl and letsencrypt for a site the cert files created in the ssl folder get a -le.crt ending but in nginx site config the filename is set to end with just .crt. This cause an error in the validation of the site config.

    Disabling the ssl and letsencrypt checkboxes removes the error. Files are still present.

    Renaming the files by removing the -le part and then reenable the ssl and lets encrypt checkboxes will enable ssl support. However renewals will probably not work.

    There must be a missmathc between the letsencrypt and ispconfig file naming scheme.

    Anyone with knowledge on how to fix this?

    Regards
    Roger
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you have a custom nginx master template on your server? The problem that you describe happens when you use a custom master template and did not update it to be compatible with the new ISPConfig version.
     
  3. Roger Levau

    Roger Levau New Member

    Hi Till, thank you for your quick reply. I can not find any custom template, but I found nginx_vhost.conf.master located in /usr/local/ispconfig/server/conf. In that file the certs are set by these lines.

    ssl_certificate <tmpl_var name='ssl_crt_file'>;
    ssl_certificate_key <tmpl_var name='ssl_key_file'>;

    Where do this variables get set and what controls the values? Or is it possibly just a conf file that needs editing?
     
  4. ahrasis

    ahrasis Well-Known Member

    In the website settings. It works with -le only if LE works and if just SSL (without LE), it will be without -le.

    I personally improvised this feature since some LE (wildcard) for my websites may be issued from terminal and not from ISPConfig website settings page.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The variable gets set by the ispconfig nginx plugin automatically when you use LE, then the varaible name,e contains the -le in the name and when you setup up an SSL cert on the SSL tab. then the cert from SSL tab is used. So if you get a file name without -le, then you probably have set up an SSL cert on the SSL tab of the website and this takes precedence over an LE SSL cert. Remove the SSL cert from SSL tab by using the delete action there.
     

Share This Page