Renewing a CAcert SSL certificate in ISPconfig

As always, this is something that didn't work as expected when I tried it and needed some fiddling. So I publish it on the internet in case it helps someone else out. So without further ado.

The first part of the process is easy. You simply go to Cacert.org, go to Server Certificates, select the domain name and then hit the renew button. That gives you your new public server cert. You can just copy this from your browser.

In ISPconfig, go to Sites and your domain, and then to the SSL tab. Now what I was doing was replacing the contents of the SSL Certificate box with the new key and hitting Save. But the server retained the old key. Hmmm. Tried restarting nginx. Still no good.

So what you actually need to do is locate the blank box at the bottom of the page, SSL Action, and select Save Certificate, and THEN hit the Save button at the bottom of the page. That will actually update your certificates. You can check the dates of the certificates if you have SSH access by checking the file dates and contents at /var/www/clients/client_xxx/web_yyy/ssl
I think the update process might take a few minutes, but if it doesn't happen, you can restart the webserver and it will happen immediately.

Leave a Comment