LetsEncrypt - SSL certificate is not valid

  • Yes, if you rerun the UPDATE plugin, it replace the certbot with the old one package with it.


    In this case, delete it and redo the symlink with the one from snapd, should be enough :)

    same result as above ... ssl-vhost deleted after a request for a new cert


    I'm testing with a subdomain created as a main user account:

    test.mydomain.tld


    plugin settings > DNS names > removed > http://www.test.mydomain.tld

    cert request for

    test.mydomain.tld

    Edited once, last by fulltilt ().

  • and only after a

    Code
    1. sudo service imscp_panel restart


    the panel also shows

    Invalid SSL certificate


    seems to be caused by some caching stuff ...

    the panel is running w/ PHP 7.0 APC enabled


    means the certs are not being removed as before, just the apache ssl vhost files ... maybe a path issue when using snapd certbot

    Edited 3 times, last by fulltilt ().

  • With the snapd solution, I'm fine (did the same as you, the chain1.pem to the same site, R3/ISRG1)

    pasted-from-clipboard.png



    But, I just tried to add a new subdomain, then add the SSL with the LE plugin, and today, don't ask me why, not working

    Code
    1. Some challenges have failed. at /var/www/imscp/gui/plugins/LetsEncrypt/backend/LetsEncrypt.pm line 834.


    Maybe the DNS isn't yet fully replicated all over the world, so I'm waiting a little to try again.





    Edit : I confirm, this was a DNS propagation issue (was a fresh new subdomain), just retried now (22:40) and it pass:

    pasted-from-clipboard.png


    R3 by ISRG X1, so this is working.


    I just got a little issue, the "cross-signed" certificate in CA-Certificate, I disabled those, wasn't able to use CURL with sites based on Let'sEncrypt SSL certs.

    Edited 2 times, last by Athar ().

  • I just got a little issue, the "cross-signed" certificate in CA-Certificate, I disabled those, wasn't able to use CURL with sites based on Let'sEncrypt SSL certs.


    Thank you for the details!

    Could you give us a list of the CA certs which have been added & removed?


    on my test VPS this one is still in place

    Code
    1. cat /usr/lib/ssl/certs/2e5ac55d.0

    Edited 2 times, last by fulltilt ().

  • I have cleaned up some more stuff ... it works now. also with Debian Buster!

    see below


    Undo Fix by vege.net (when in use) and DST Root CA X3 removal

    I've added some more stuff to the snap certbot fix!

    Certbot Fix by kess:

    thanks a lot to: vege.net, kess, Athar, Nuxwin and everyone else who helped & suggested solutions

    Edited 14 times, last by fulltilt ().