Posts by saberjy

Of all the fixes, this is the only one that worked for me on Ubuntu 18.04 with php7.1 (i-MSCP 1.5.3 Build: 2018120800).

Quote from kess

Hello guys,

there you can find the solution I've adopted in order to get the systems working with every type of certificate (self signed, from CA or Let's Encrypt)

I didn't change absolutely nothing in the code of i-MSCP, everything is original.

The following has been tested ONLY on Debian Stretch x64, with a standard i-MSCP installation. No strange things.

1. Integrate the new LE CAs in your system:

Code

1. mkdir /usr/share/ca-certificates/letsencrypt
2. curl --insecure -Lo /usr/share/ca-certificates/letsencrypt/isrgrootx1.crt https://letsencrypt.org/certs/isrgrootx1.pem
3. curl --insecure -Lo /usr/share/ca-certificates/letsencrypt/isrg-root-x2.crt https://letsencrypt.org/certs/isrg-root-x2.pem
4. curl --insecure -Lo /usr/share/ca-certificates/letsencrypt/isrg-root-x1-cross-signed.crt https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem
5. curl --insecure -Lo /usr/share/ca-certificates/letsencrypt/lets-encrypt-r3.crt https://letsencrypt.org/certs/lets-encrypt-r3.pem
6. curl --insecure -Lo /usr/share/ca-certificates/letsencrypt/lets-encrypt-r3-cross-signed.crt https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem
7. curl --insecure -Lo /usr/share/ca-certificates/letsencrypt/lets-encrypt-r4.crt https://letsencrypt.org/certs/lets-encrypt-r4.pem
8. curl --insecure -Lo /usr/share/ca-certificates/letsencrypt/lets-encrypt-e2.crt https://letsencrypt.org/certs/lets-encrypt-e2.pem
9. dpkg-reconfigure ca-certificates

Here a Dialog appears.

- In the first dialog choose "yes"

- In the second select your new 7 CA certificates to import and then click OK

The result should be as follows:

Code

1. Updating certificates in /etc/ssl/certs...
2. 7 added, 0 removed; done.
3. Running hooks in /etc/ca-certificates/update.d...
4. done.

2. Remove any previous certbot versions:

Code

1. apt remove certbot

3. Install the new and supported certbot version

Code

1. apt install snapd
2. snap install core && snap refresh core
3. snap install --classic certbot

4. Optional, but recommended, edit the file /var/www/imscp/gui/plugins/LetsEncrypt/config.php and update the section as follows:

Code

1. 'certbot_create_options' => [
2. '--preferred-chain ISRG Root X1'
3. ],

Save and close;

5. Remove previous symlinks that could still exist, we'll fix them in next steps:

Code

1. rm /usr/bin/certbot
2. rm /usr/local/sbin/certbot

6. HIT THE "UPDATE PLUGINS" BUTTON here: https://your.server.panel:1234/admin/settings_plugins.php

If everything goes well, the LE Plugin will reconfigure.

7. Now it's time to fix the symlinks:

Code

1. rm /usr/bin/certbot
2. ln -s /snap/bin/certbot /usr/bin/certbot
3. rm /usr/local/sbin/certbot
4. ln -s /usr/bin/certbot /usr/local/sbin/certbot

8. Now a little check:

Code

1. which certbot
2. Result:
3. - /usr/local/sbin/certbot
5. which -a certbot
6. Result:
7. - /usr/local/sbin/certbot
8. - /usr/bin/certbot
9. - /snap/bin/certbot

9. And the final check:

Code

1. /usr/local/sbin/certbot --version
2. Result:
3. certbot 1.19.0

Now your system will have:

- The new CA from LE that it didn't have before

- The new supported version of certbot that knows the new chains

I tested the procedure on more boxes and it works for certificates creation and for certificates revocations. I don't know if it works for renewals. Please test it and kindly report back.

Hope it helps,

bye Kess.

Display More