[BlueOnyx:25494] Re: Deactivate Letsencrypt for main domain name fails

[Michael Stauber]

Hi Jochen,

> this will result in SSL certs not being fetched at all but there are remaining domains that shall be served and that also shall have SSL certificates.

Renewal of LE certs is done by this daily cronjob:

/etc/cron.daily/letsencrypt.cron

That executes this Perl-script:

/usr/sausalito/sbin/letsencrypt_autorenew.pl -a

This script checks CODB for Vsites that use LE certs *AND* have 
Auto-Renewal enabled *AND* are past their configured renewal date.

It then individually renews those certs that need to be renewed.

So turning "Auto Renew" off for a selected Vsite will removed it from 
being included in the renewal process.

The server-cert (for the BlueOnyx GUI) will always be auto-renewed, 
provided you use an LE cert for it and the cronjob runs the renewal 
script with the "-a" parameter.

 > I figure renaming a vhost isn't possible in Blue Onyx.

It sure is. Just rename the Vsite in the "General Settings" page of a Vsite.

Like said: If you want to stop auto-renewal of the LE cert for this 
inactive Vsite, just turn "Auto Renew" off in the LE settings of that 
Vsite. That takes care of it.

Or: Just create a self signed cert via the GUI for that Vsite. Because 
if it no longer uses an LE cert, it won't be included in the renewal 
process either.

-- 
With best regards

Michael Stauber