I have set up several domains in this ISPconfig and all of them are auto renewing the certificates whith no proplems, except for the certificate used for the ISPconfig web interface. I am using the following command in crontab: /opt/certbot/certbot-auto renew --force-renew
Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
<Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
Require all granted
In the /var/www/ directory a have the symb link = ispconfig -> /usr/local/ispconfig/interface/web
This is risky if you run it very often because it will attempt to renew every certificate that you have every time. You can run into rate limits in this case. The way we planned for people to use this was running every day, but without --force-renew, and letting certbot renew itself make the decision about whether to renew.
What webroot directory did you choose for that domain when you originally obtained the certificate? Can you make a test file in .well-known/acme-challenge under that webroot and see if you can see it at the corresponding location using a web browser?
Hi schoen, taks for replying, at this time i solved the problem. At least for now its working.
I created a new certificate using:
/opt/certbot/certbot-auto --apache -d cloudvps.mesmo.pt
an then:
/opt/certbot/certbot-auto certonly --webroot -w /var/www/ispconfig/ -d cloudvps.mesmo.pt
The .well-known/acme-challenge is accessible. I have created a test file in .well-known/acme-challenge and and I acceded successfully to it using the web browser.
Concerning the crontab command /opt/certbot/certbot-auto renew --force-renew i will do as you say.