Posts by kess

Well... as you can see, it didn't help...

Quote from fulltilt

kess Thank you for your work!

The certificates are created correctly, but the apache vhost ssl.conf files are no longer created automatically ...

They all are created correctly for me... on all of my servers

The only issue is that sometimes you need to revoke and then recreate the certificate in order to work correctly.

Once again: LetsEncrypt - SSL certificate is not valid

Hi fulltilt ,

thx for your reply.

With that solution, nothing has been changed in i-MSCP files or Database, everything is original.

Regarding snapd, it runs in its own sandbox... everything you have on your systems is included in /snap directory.

Problems ? I can't see... but if you don't like it in 1 or 2 years, just uninstall it using apt or apt-get and everything will be exactly as before...

certbot-auto has become unsupported, this is the only official method for managing LE Certs (Certbot documentation on eff.org).

I didn't test using the Debian Packaged Certbot in order to see if it works... I don't know if the new chains are managed or not. I'm sure the --preferred-chain option will not work on version 0.28.0 (Debian 9 packaged version).

It's up to you...

Bye Kess

Hello guys,

there you can find the solution I've adopted in order to get the systems working with every type of certificate (self signed, from CA or Let's Encrypt)

I didn't change absolutely nothing in the code of i-MSCP, everything is original.

The following has been tested ONLY on Debian Stretch x64, with a standard i-MSCP installation. No strange things.

1. Integrate the new LE CAs in your system:

Here a Dialog appears.

- In the first dialog choose "yes"

- In the second select your new 7 CA certificates to import and then click OK

The result should be as follows:

2. Remove any previous certbot versions:

3. Install the new and supported certbot version

4. Optional, but recommended, edit the file /var/www/imscp/gui/plugins/LetsEncrypt/config.php and update the section as follows:

Save and close;

5. Remove previous symlinks that could still exist, we'll fix them in next steps:

6. HIT THE "UPDATE PLUGINS" BUTTON here: https://your.server.panel:1234/admin/settings_plugins.php

If everything goes well, the LE Plugin will reconfigure.

7. Now it's time to fix the symlinks:

8. Now a little check:

9. And the final check:

Now your system will have:

- The new CA from LE that it didn't have before

- The new supported version of certbot that knows the new chains

I tested the procedure on more boxes and it works for certificates creation and for certificates revocations. I don't know if it works for renewals. Please test it and kindly report back.

Hope it helps,

bye Kess.

Pourquoi est-ce que tu veux utilizer les versions compilées quand les versions packaged de sury.org marchent parfaitement ?

C'est probable qu tu va trouver des problèmes avec tes Packages.

There are no sury.org php packages for 16.04. The oldest published packages are for Bionic (18.04)

You can see the full list here: https://launchpad.net/~ondrej/…ield.series_filter=bionic

Here you can find all the needed documentation on how to setup and configure a packaged version.

https://wiki.i-mscp.net/doku.php?id=plugins:phpswitcher

A packaged version can be installed with apt-get and the packages will be downloaded from here: https://packages.sury.org/php/

Hope it finally helps

Please use sury.org to install all your needed PHP versions and additional modules.

Easyer, always up to date and simply working !