Unable to initialize letsencrypt with subdomains
short description
When setting up a site with auto subdomains, enabling letsencrypt fails.
environment
- Server OS: debian
- Server OS version: 9.8
- ISPConfig version: 3.1.13
- certbot: 0.33.1
- Apache/2.4.25 (Debian)
Problem behind
In get_letsencrypt_certificate_paths in letsencrypt.inc.php, you try to read the related domains from the renewal config files by reading the lines in section [[webroot_map]].
But sometimes (I don't know why) certbot does not write these lines into the config file. So no certificate files are given back to request_certificates, and then letsencrypt is of course disabled.
A possible stable solution would be, instead of parsing the config file of letsencrypt, to use the output of certbot-auto certificates -d <maindomain> -d <subdomain> -d <subdomain>,
which always results in a single output of associated files like:
Certificate Name: example.com
Domains: example.com www.example.com
Expiry Date: xxxxx (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
I think parsing such a small blob would be more stable than reading the config files.
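
The parsing approach proposed above, as an added example in PHP (not ISPConfig's code and not part of the original report): it reads `certbot certificates` output and hands back paths only for a certificate that lists every requested domain, is reported as VALID, and sits under /etc/letsencrypt/live/. The function names, the sample output and its timestamp are constructed for illustration.

```php
<?php
// Added example, not ISPConfig code; function names are hypothetical.

// Split `certbot certificates` output into one record per certificate.
function parse_certbot_certificates(string $output): array
{
    $fields = ['Domains' => 'domains', 'Expiry Date' => 'expiry',
               'Certificate Path' => 'cert', 'Private Key Path' => 'key'];
    $certs = [];
    foreach (preg_split('/\R/', $output) as $line) {
        // "Key: value" lines only; banners and blank lines are skipped.
        if (!preg_match('/^\s*([A-Za-z ]+):\s*(.*)$/', $line, $m)) {
            continue;
        }
        $key = trim($m[1]);
        if ($key === 'Certificate Name') {
            $certs[] = ['name' => trim($m[2]), 'domains' => '', 'expiry' => '', 'cert' => '', 'key' => ''];
        } elseif ($certs && isset($fields[$key])) {
            $certs[count($certs) - 1][$fields[$key]] = trim($m[2]);
        }
    }
    return $certs;
}

// Return the record that lists every wanted name, or null. Names are compared
// exactly (no wildcard matching); records not marked VALID are rejected.
function find_certificate_for(array $certs, array $wanted, string $live = '/etc/letsencrypt/live/')
{
    $wanted = array_map('strtolower', $wanted);
    foreach ($certs as $c) {
        $have = preg_split('/\s+/', strtolower($c['domains']), -1, PREG_SPLIT_NO_EMPTY);
        $covers = !array_diff($wanted, $have);
        $valid = strpos($c['expiry'], '(VALID:') !== false;
        // Only accept paths inside certbot's live directory, with no traversal.
        $inLive = strpos($c['cert'], $live) === 0 && strpos($c['key'], $live) === 0
            && strpos($c['cert'] . $c['key'], '..') === false;
        if ($covers && $valid && $inLive) {
            return $c;
        }
    }
    return null;
}

// Constructed sample in the format quoted in the report (timestamp invented).
$sample = <<<'TXT'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2019-07-10 08:00:00+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
TXT;
$certs = parse_certbot_certificates($sample);
var_dump(find_certificate_for($certs, ['example.com', 'www.example.com']));  // both names are in the sample
var_dump(find_certificate_for($certs, ['example.com', 'shop.example.com'])); // shop.example.com is not
```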