I switched from Zentyal to UCS 4.2 on my server (DC Master, Webserver, Mailserver) a few months ago. I use the UCS Letsencrypt App from App Center. It sets up Apache, Postfix and Dovecot with the Letsencrypt certificate.
However, it happened two times now during update of Letsencrypt app, that it resets the registry values which configure the key and certificate files for Apache to the UCS defaults. Then I need to run the following commands to reset Apache configuration to use the Letsencrypt certificate:
ucr set apache2/ssl/certificatechain="/etc/univention/letsencrypt/intermediate.pem" apache2/ssl/certificate="/etc/univention/letsencrypt/signed.crt" apache2/ssl/key="/etc/univention/letsencrypt/domain.key" service apache2 restart
The Update was executed via Univention Management Console.
Another issue, related to Letsencrypt is the message under System Diagnostics in Univention Management Console:
Kritisch: Überprüfe Gültigkeit der SSL Zertifikate Ungültiges Zertifikat '/etc/univention/letsencrypt/signed.crt' gefunden: /etc/univention/letsencrypt/signed.crt: CN = <mydomain> error 20 at 0 depth lookup:unable to get local issuer certificate Ungültiges Zertifikat '/etc/univention/letsencrypt/signed.crt' gefunden: /etc/univention/letsencrypt/signed.crt: CN = <mydomain> error 20 at 0 depth lookup:unable to get local issuer certificate
However the SSL certificate is up to date and has been properly updated by Letsencrypt app.
Thanks for any help.