This works, yes, but the chain is incomplete using Apache 2.2. This script creates the following entrys (should work with Apache 2.4): Code: SSLCertificateFile /var/www/clients/clientx/webx/ssl/domain.tld.crt (linked to fullchain.pem) SSLCertificateKeyFile /var/www/clients/clientx/webx/ssl/domain.tld.key If I'm using SSLCertificateChainFile instead, it works with full chain. Even SSLLabs gives me an A instead of B because of the full chain. Code: SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/domain.tld/chain.pem Is the ISPConfig Team aware of this issue? Thanks!
This is fantastic, thank you guys. This changes the whole game at the end of the day. Any release date in mind ?
How is the Lets Encrypt checkbox supposed to work exactly? I updated from 3.0.5.4p8 to git (commit 5e82da8c) just today (dev machine only) and it doesn't seem to create a cert when checking the box and saving. Is there anything I'm missing, maybe a package I need to install for letsencrypt?
Thank you for your answer! Now I got the following problem (Debian Jessie, letsencrypt-python installed from jessie-backports, apache2-2.4.18-1): eb 25 15:52:57 XXX apache2[29089]: Starting web server: apache2 failed! Feb 25 15:52:57 XXX apache2[29089]: The apache2 configtest failed. ... (warning). Feb 25 15:52:57 XXX apache2[29089]: Output of config test was: Feb 25 15:52:57 XXX apache2[29089]: AH00526: Syntax error on line 13 of /etc/apache2/sites-enabled/000-ispconfig.conf: Feb 25 15:52:57 XXX apache2[29089]: <LocationMatch not allowed here Relevant part in 000-ispconfig.conf: <Directory /var/www/clients> AllowOverride None Require all denied <IfModule mod_headers.c> <LocationMatch "/.well-known/acme-challenge/*"> Header set Content-Type "text/plain" </LocationMatch> </IfModule> </Directory>
I have had to switch from le2ispc to ISPConfig 3.1. What would be the best way to handle letsencrypt after deleting le2ispc? Delete archive, live and config or edit all config files to fit with the configuration from ISPConfig 3.1 (have that setup running on another server)
3.1 is working great, actually. Just a few minor things here and there with the GUI, but nothing that I couldn't even have in production....
Issuing worked well, but when I try to renew the certificate: "uncheck / recheck" as indicated, the expiry date still remains the same, so I'm not sure it did anything. Ok actually the error log is: 2016-04-05 00:30:04,191:INFO:letsencrypt.cli:Cert is due for renewal, auto-renewing... 2016-04-05 00:30:04,222EBUG:letsencrypt.cli:Requested authenticator webroot and installer apache 2016-04-05 00:30:04,239EBUG:letsencrypt.plugins.disco:No installation (PluginEntryPoint#apache): Traceback (most recent call last): File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/plugins/disco.py", line 103, in prepare self._initialized.prepare() File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt_apache/configurator.py", line 152, in prepare raise errors.NoInstallationError NoInstallationError 2016-04-05 00:30:04,241EBUG:letsencrypt.display.ops:No candidate plugin 2016-04-05 00:30:04,248EBUG:letsencrypt.plugins.disco:Other errorPluginEntryPoint#webroot): Missing parts of webroot configuration; please set either --webroot-path and --domains, or --webroot-map. Run with --help webroot for examples.
I don't know if I read it right but in 3.1 release this will be implemented and working. Can someone chime in on this because I am interested as well and I am willing to wait, my cert won't expire for another 6 months or so.
IMHO not much is left for 3.1 to go live, but if you want to follow, go check the developer section on ispconfig.org
Nemis: Nope wouldn't be a good idea since it is a GIT project and some distributions already have their own packages ready for it.
what's the problem with source on git? wget https://raw.githubusercontent.com/l...ster/letsencrypt-auto-source/letsencrypt-auto then chmod +x it and run. or get .zip or .tar.gz from https://github.com/letsencrypt/letsencrypt/releases