I’m using Let’s Encrypt together with ISPConfig 3. This morning, I came across some strange behaviour. First: All of a sudden, my services completely restarted. I thought “Well, might happen sometimes” and didn’t think anything of it, continued writing my mails when suddenly my mail client reported “SMTP server unreachable”.
Long story short: After analysis, my Apache finally gave me a clue: “Private key and certificate do not match”. It revoked the old certificate and issued a new one, using certbot-auto (the only “client” ISPConfig currently works with).
Now, the certificate got issued and everything LOOKED fine, but when I replaced the existing self-signed certs with the LE ones (using ln -s), I still got the message “[…] do not match”.
What’s going on? Am I too dumb to correctly configure the server?
I have checked DNS settings, everything is fine, so DNS is pretty much ruled out.
I mean, when I enter the command as I did, I’d expect that a cert is issued for the entered name, and that key and cert contain the same set of information.
Where should LE get this information from, anyway? As far as I understand, the keyfile is also generated by LE. So I’d expect them to match perfectly.
All I do is to relink the ISPConfig certificate AND key to /etc/letsencrypt/live/kirito.ennabe.de/. And then it shouldn’t matter anymore, since LE handles key and cert. And if they don’t match, I don’t know why. Is there any way to check the contents, like, some online service that reads the contents of a copied and pasted cert and key?
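
An added example, not part of the original post: one way to check locally whether a certificate and a private key belong together, by comparing the public key embedded in the certificate with the one derived from the key. It assumes the `openssl` command-line tool and GNU `readlink` are installed; the function names and the script name are hypothetical.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical. Requires the openssl CLI.
# Runs locally, so the private key never has to be pasted anywhere.

# Succeeds (0) if the certificate's public key equals the one derived from
# the private key, returns 1 on mismatch, 2 if either file cannot be parsed.
cert_key_match() {
    local cert=$1 key=$2 cert_pub key_pub
    # Reads the first certificate in the file (the leaf in a full chain file).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Works for RSA and EC keys alike.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
}

# Show where each path really points (useful when the files are symlinks
# created with ln -s) and print a verdict.
report_pair() {
    local cert=$1 key=$2 rc=0
    echo "cert: $cert -> $(readlink -f "$cert")"
    echo "key:  $key -> $(readlink -f "$key")"
    cert_key_match "$cert" "$key" || rc=$?
    case $rc in
        0) echo "OK: key and certificate match" ;;
        1) echo "MISMATCH: certificate was issued for a different key" ;;
        *) echo "ERROR: could not parse certificate or key" ;;
    esac
    return "$rc"
}

# Usage: ./check_pair.sh <certificate.pem> <private-key.pem>
if [ "$#" -eq 2 ]; then
    report_pair "$1" "$2"
fi
```

Run it against the two paths the web server configuration actually references; the resolved symlink targets in the output show whether both links end up in the same certificate lineage.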