LetsEncrypt - SSL certificate is not valid

  • Of all the fixes, this is the only one that worked for me on Ubuntu 18.04 with php7.1 (i-MSCP 1.5.3 Build: 2018120800).

  • kess Thank you for your work!

    The certificates are created correctly, but the apache vhost ssl.conf files are no longer created automatically ...

    They all are created correctly for me... on all of my servers


    The only issue is that sometimes you need to revoke and then recreate the certificate in order to work correctly.

  • Hi Kess,


    thnx for your "snapd" solution. It works for several servers running with


    Distributor ID: Debian

    Description: Debian GNU/Linux 9.13 (stretch)

    Release: 9.13

    Codename: stretch


    i-MSCP 1.5.3

    Build: 2018120800

    Codename: Ennio Morricone


    and finally the renewals works too. :thumbsup:


    For the results have a look to

    https://www.ssllabs.com/ssltes…tewerk.net&hideResults=on

    // Rating A+


    https://www.ssllabs.com/ssltes…tewerk.net&hideResults=on

    // Rating B


    Have a nice day

    HanjoLIx

    Do it today, tomorrow it may be taxed or illegal...

    Edited 2 times, last by bytewerk.net ().

  • They all are created correctly for me... on all of my servers


    The only issue is that sometimes you need to revoke and then recreate the certificate in order to work correctly.


    works perfectly!

    I had to clean up some old DST Root CA X3 stuff and had to use "sudo" for the snap install ...

    Many thanks!

    Edited once, last by fulltilt ().

  • it seems we need to use the vege.net fix (OpenSSL.pm line 134) when running i-mscp re-configuration (installer) task ...

    the panel & customer certs are marked as invalid after a i-mscp re-configuration

    Code
    1. [DEBUG] iMSCP::OpenSSL::validateCertificate: error /etc/imscp/imscp_services.pem: verification failed
    2. [DEBUG] iMSCP::LockFile::release: Releasing exclusive lock on /var/lock/imscp.lock
    3. [FATAL] Missing or bad entry found in configuration file.
    4. [ERROR] iMSCP::Dialog::_execute: Failed dialog:
  • re-configuration tasks:

    with a new system it seems to work if all certs have been created with the snap certbot kess fix ...

    However, existing LE certs with the old chain are marked as invalid and the apache ssl configs are deleted.

    To avoid the problem you would have to replace all old chain1.pem and fullchain1.pem with the new one:


    does anyone have an idea how to repair the whole thing for all chains under "/etc/letsencrypt/archive/*/" at once?


    maybe a bash script which processes all the subfolders in a loop ...

    Edited once, last by fulltilt ().