SSL Bundle doesn't get delete in vhost file and .crt is chained
short description
A certificate was expired. For a short time we activated LE, so customers could use our customers site again. After some time the new wildcard SSL cert arrived and we copied it into ISPConfig and saved the new cert. But wget for cronjobs stopped. A simple test with wget https://www.mydomain.tld showed, that the chain was broken.
After some research we find out that there was still a .bundle file in /var/www/clients/clientXXX/webXXXX/ssl/mydomain.tld.bundle BUT with the old CARoots and intermediates. A new copy&paste to the ISPConfig SSL tab with Save certificate was not successfull. The old file still was there.
We just renamed the old bundle file, saved again in ISPConfig and the Bundle line in .vhost (SSLCertificateChainFile) was gone- We restarted apache via systemctl and checked the site again and it worked even with wget what shouldn't happen as we just should have the cert file itself. But we recognized, that in the .crt file, the cert and the intermediates were combined.
correct behaviour
.crt should be certificate only, .bundle should be bundle only
environment
Server OS: Debian Server OS version: 8 ISPConfig version: 3.1.11