Whether To Overwrite Existing Certbot LE SSL Certs With 3.2 Hook Parameters
I noted everything is working quite fine and both acme.sh and certbot are issuing new LE SSL certs whenever there is none exist. However, I also noted that most users especially those who are using certbot may not realized that ISPConfig 3.2 will not create new LE SSL certs if there are existing LE SSL certs and thus, hook system is not fully implemented.
One way to upgrade to ISPConfig 3.2 and use hook system will be by deleting the previous server LE SSL certs and request the new ones during update process but many did not do this. It is fine if they personally choose incron to monitor and it works when LE SSL Certs for the server is renewed.
Otherwise, it fall back on ISPConfig 3.2 to make sure it works but ISPConfig 3.2 make sure it works via hook, not incron. A dilemma when the code was written and proposed, and I chose hook since it won't use any resources to monitor but will just run before and after LE SSL certs for the server renewal process.
I would propose, that either the existing LE SSL certs is deleted, so the new ones can be issued with hook parameters OR, re-run certbot for the server hostname -f (FQDN) with the new parameters so it will overwrite the parameters for the existing ones.
However, I am not so sure if acme.sh works similarly whether it can overwrite existing parameters OR, simply the previous LE SSL certs need to be revoked and deleted and request new ones to with the new parameters.
Hence, I opened this issue for a revisit on how this can be handled more efficiently by ISPConfig 3.2.