And letsencrypt and certbot are installed as well? In this case it must work. Check that the file /etc/apache2/sites-available/ispconfig.conf contains this:

Code:

    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
        Require all granted
    </Directory>

It gets added during reconfigure of the services at update time. This is the global alias to redirect the letsencrypt requests to the correct folder.
I see now that when I enable SSL and letsencrypt and I go to https://xxx.xx, it redirects to another website on that server. I use the IP for all websites on that server.
Yes, all domains, alias domains and subdomains of a website get added to the SSL certificate of that website. But ensure that really all of them are connected and reachable; if one of them does not exist in DNS, then the SSL cert creation will fail.
    root@isp1:/etc/apache2/sites-available# cat isp1.tvt-datos.es.vhost
    <Directory /var/www/isp1.tvt-datos.es>
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>

    <VirtualHost 185.29.68.61:80>
        DocumentRoot /var/www/isp1.tvt-datos.es/web
        ServerName isp1.tvt-datos.es
        ServerAdmin [email protected]-datos.es
        ErrorLog /var/log/ispconfig/httpd/isp1.tvt-datos.es/error.log

        <IfModule mod_ssl.c>
        </IfModule>

        <Directory /var/www/isp1.tvt-datos.es/web>
            # Clear PHP settings of this website
            <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                SetHandler None
            </FilesMatch>
            Options +FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
            <Files ~ '.php[s3-6]{0,1}$'>
                Order allow,deny
                Deny from all
                Allow from none
            </Files>
        </Directory>
        <Directory /var/www/clients/client2/web28/web>
            # Clear PHP settings of this website
            <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                SetHandler None
            </FilesMatch>
            Options +FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
            <Files ~ '.php[s3-6]{0,1}$'>
                Order allow,deny
                Deny from all
                Allow from none
            </Files>
        </Directory>

        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
            AssignUserId web28 client2
        </IfModule>

        <IfModule mod_dav_fs.c>
            # Do not execute PHP files in webdav directory
            <Directory /var/www/clients/client2/web28/webdav>
                <ifModule mod_security2.c>
                    SecRuleRemoveById 960015
                    SecRuleRemoveById 960032
                </ifModule>
                <FilesMatch "\.ph(p3?|tml)$">
                    SetHandler None
                </FilesMatch>
            </Directory>
            DavLockDB /var/www/clients/client2/web28/tmp/DavLock
            # DO NOT REMOVE THE COMMENTS!
            # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
            # WEBDAV BEGIN
            # WEBDAV END
        </IfModule>
    </VirtualHost>

    <VirtualHost [2a04:41c0:0:1::61]:80>
        DocumentRoot /var/www/isp1.tvt-datos.es/web
        ServerName isp1.tvt-datos.es
        ServerAdmin [email protected]-datos.es
        ErrorLog /var/log/ispconfig/httpd/isp1.tvt-datos.es/error.log

        <IfModule mod_ssl.c>
        </IfModule>

        <Directory /var/www/isp1.tvt-datos.es/web>
            # Clear PHP settings of this website
            <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                SetHandler None
            </FilesMatch>
            Options +FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
            <Files ~ '.php[s3-6]{0,1}$'>
                Order allow,deny
                Deny from all
                Allow from none
            </Files>
        </Directory>
        <Directory /var/www/clients/client2/web28/web>
            # Clear PHP settings of this website
            <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                SetHandler None
            </FilesMatch>
            Options +FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
            <Files ~ '.php[s3-6]{0,1}$'>
                Order allow,deny
                Deny from all
                Allow from none
            </Files>
        </Directory>

        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
            AssignUserId web28 client2
        </IfModule>

        <IfModule mod_dav_fs.c>
            # Do not execute PHP files in webdav directory
            <Directory /var/www/clients/client2/web28/webdav>
                <ifModule mod_security2.c>
                    SecRuleRemoveById 960015
                    SecRuleRemoveById 960032
                </ifModule>
                <FilesMatch "\.ph(p3?|tml)$">
                    SetHandler None
                </FilesMatch>
            </Directory>
            DavLockDB /var/www/clients/client2/web28/tmp/DavLock
            # DO NOT REMOVE THE COMMENTS!
            # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
            # WEBDAV BEGIN
            # WEBDAV END
        </IfModule>
    </VirtualHost>

Please correct me if I'm wrong, but this is the correct file generated by ispconfig. I did not manually create it!
The file is correct, but it's probably from ispconfig 3.0.5 and not 3.1, or you use a custom template, as the letsencrypt code is missing. Please read the letsencrypt FAQ that is linked in this post; it describes the steps that you have to do on an apache 2.2 server.
Nooo, I did update. I did USE Letsencrypt with that installation and it worked the first times, and from one site to the other it stopped working!

Edit: I reconfigured services during update!

Edit2: I have this

Code:

    <IfModule mod_headers.c>
        <LocationMatch "/.well-known/acme-challenge/*">
            Header set Content-Type "text/plain"
        </LocationMatch>
    </IfModule>

but not this:

Code:

    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
        Require all granted
    </Directory>

EDIT: I've added the second code and now letsencrypt is saying forbidden. Should it be in any place in particular?
Your server uses apache 2.2, so this:

    <IfModule mod_headers.c>
        <LocationMatch "/.well-known/acme-challenge/*">
            Header set Content-Type "text/plain"
        </LocationMatch>
    </IfModule>

has to be there; the other code is for apache 2.4 only and may not be added on an apache 2.2 server. What gets added on system reconfigure during update into the ispconfig.conf on apache 2.2 is this:

    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
        Order allow,deny
        Allow from all
    </Directory>

If that is missing on your server, add that.
Aaaaaand that fixed it! How can it be possible that part of the code disappeared? I did nothing between adding one aliasdomain and the other, and it was at that point that it broke.
Thanks all for the information in this thread, I have similar behavior but on apache 2.4. The 000-ispconfig.conf config was missing this part:

Code:

    </Directory>
    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
        Require all granted
    </Directory>

I added it manually, restarted apache, tried to download the default file using http://xxx.y/.well-known/acme-challenge/empty.dir, which works OK, and then my certificate request using the interface also works OK. So, I reconfigure services every time when I update the version.

Server version: Apache/2.4.10 (Debian)
Debian GNU/Linux 8 (jessie)
@madmucho, that should get added during the "reconfigure services" stage; if you are running that, maybe you have a conf-custom template that's being applied to create 000-ispconfig.conf rather than the new one from upstream code?
Understood, maybe that is the reason; I have some SSL cipher modifications in the vhost template file because of security. I will move them out before the upgrade and compare the diff afterwards in future updates.
If your cipher changes are appropriate for all sites, just do a merge request with those instead, and you'll be back to the stock template.
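The check the replies in this thread perform by hand, as an added example that is not part of the thread or of ISPConfig's own code: a shell function that confirms a config file carries the global ACME alias and the access rule matching the Apache version (`Allow from all` on 2.2, `Require all granted` on 2.4). The function name, its exit codes and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not ISPConfig code): check the global ACME alias in a config file.
ACME_DIR=/usr/local/ispconfig/interface/acme/.well-known/acme-challenge

# check_acme_alias FILE VERSION    (VERSION: 2.2 or 2.4; hypothetical helper)
# Exit codes (assumed for this example):
#   0 alias, <Directory> block and the access rule for VERSION are present
#   1 Alias line missing   2 <Directory> block missing
#   3 block present, but the access rule expected for VERSION is not in it
check_acme_alias() {
    conf=$1
    ver=$2
    grep -Eq "^[[:space:]]*Alias[[:space:]]+/\.well-known/acme-challenge[[:space:]]+$ACME_DIR/?[[:space:]]*\$" \
        "$conf" || return 1
    # Print only the body of the <Directory> block that covers the ACME folder.
    block=$(awk -v d="$ACME_DIR" '
        $1 == "<Directory" && $2 == (d ">") { inside = 1; found = 1; next }
        inside && $1 == "</Directory>"      { inside = 0 }
        inside                              { print }
        END { if (!found) exit 2 }' "$conf") || return 2
    case $ver in
        2.2) rule='^[[:space:]]*Allow[[:space:]]+from[[:space:]]+all' ;;
        2.4) rule='^[[:space:]]*Require[[:space:]]+all[[:space:]]+granted' ;;
        *)   return 3 ;;
    esac
    printf '%s\n' "$block" | grep -Eiq "$rule" || return 3
}

# Constructed sample: the Apache 2.4 block, checked as if on 2.2 and on 2.4.
sample=$(mktemp)
cat > "$sample" <<EOF
Alias /.well-known/acme-challenge $ACME_DIR
<Directory $ACME_DIR>
    Require all granted
</Directory>
EOF
rc=0
check_acme_alias "$sample" 2.2 || rc=$?
echo "as apache 2.2: exit $rc"
rc=0
check_acme_alias "$sample" 2.4 || rc=$?
echo "as apache 2.4: exit $rc"
rm -f "$sample"
```

Running it against ispconfig.conf (or 000-ispconfig.conf, as in the Apache 2.4 post) after each "reconfigure services" shows whether the block was dropped again, for instance by a custom template.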