fulltilt I did it that way before:
LetsEncrypt - SSL certificate is not valid
So probably it's time to change it for new version of certbot, as moving out all the instances of i-MSCP is not done by me yet.
try the classic certbot setup by kess
LetsEncrypt - SSL certificate is not valid
- fulltilt
- Thread is marked as Resolved.
-
try the classic certbot setup by kess
Not working as well on Ubuntu.
I'll try to fix it in different way.
Edit:
What I've done finally:
- restored up changes in code which was made here: LetsEncrypt - SSL certificate is not valid
- imported new SSL certs to OS from some newer Ubuntu
- made kess certbot setup way
Now it's working great.
Anyway, time to make moving out faster.
-
-
Display More
Not working as well on Ubuntu.
I'll try to fix it in different way.
Edit:
What I've done finally:
- backed up changes in code which was made here: LetsEncrypt - SSL certificate is not valid
- imported new SSL certs to OS from some newer Ubuntu
- made kess certbot setup way
Now it's working great.
Anyway, time to make moving out faster.
first, you have to restore the previously modified files to their original state, afterwards perform the classic certbot setup
-
Just did a check on my system and yeah, I confirm this is still working for newly added domain on my end.
On an "old" one, I got one cert from R3+Root X1.
On the new test domain created yesterday night (and certificate just a few minutes ago), got it from E6+Root X1.
But you seems to have fixed it, it's fine for now 😁
-
-
Display MoreJust did a check on my system and yeah, I confirm this is still working for newly added domain on my end.
On an "old" one, I got one cert from R3+Root X1.
On the new test domain created yesterday night (and certificate just a few minutes ago), got it from E6+Root X1.
But you seems to have fixed it, it's fine for now 😁
I can confirm that (but E5 instead of E6) a new one from yesterday shows E5 and previous certs R3.
However, I can't see any problems at the moment ...
I have also checked certs & letsencrypt tables w/ status OK everywhere
do you think it could cause problems with future renewal tasks?
### edit ###
I see that any other non-imscp system also shows R3, so I guess everything is fine!
-
Yeah, R3 should be the default, but might be replaced in the future by E5/E6 (RSA to ECDSA).
And checking some info, I can confirm this : https://community.letsencrypt.…uction-environment/150679 , I quote from the last answer 11 days ago:
QuoteIn one week, on June 6th, we will be switching to new issuance chains 38, which will include issuing ECDSA by default.
As a result, the ECDSA opt-in form is no longer needed and has been closed.
-
-
Anyway, there is still issue with snap running in lxc containers. I need to figure it out somehow (instructions from internet about adding fuse, nesting support to container didn't worked here).
Thanks guys.
-
Hi,
i just reverted the patch in
/var/www/imscp/engine/PerlLib/iMSCP/OpenSSL.pm and it works
again.
For an newer version of certbot under Debain Bullseye this works:
https://gist.github.com/bmatth…b2e52ccdbc905aed73d9ca59c
# certbot --version
certbot 2.11.0
but its not necessary at the moment, or what ?
Olli
-
-
Good morning,
does anybody else have the problem that no ssl config is generated when the certificates are renewed?
I tried all solutions mentioned here, but the certs still showing up as invalid. The only thing that is working for me is the renewal with certbot manually by selecting the domain with the apache wizard, etc.
This is not doing anything automatically
Thanks a lot -
Hello, hello.
I encounter the same problem as sgumbert described, I followed kess tutorial and I got,
OS is Ubuntu 18.04LTS, last version of i-mscp and LE plugin.
theqkash, can you be more speciffic on " - imported new SSL certs to OS from some newer Ubuntu", and how should look the reverted version of /var/www/imscp/engine/PerlLib/iMSCP/OpenSSL.pm ?
Thanks.
-