Hello, I've tried to set up Let's Encrypt but it is still failing. According to the ISPConfig-Lets Encrypt GitHub page, they say that letsencrypt comes native with ISPConfig, but for me, I couldn't notice that letsencrypt was installed at all. When I try to tick letsencrypt in the website settings in ISPConfig, it won't do anything, and when I go back to the website page I see that Let's Encrypt is ticked out! What am I missing? Should I install the plugin manually from GitHub?
Please install it as described in the official tutorial: https://www.howtoforge.com/tutorial...ovecot-ispconfig-3-1/2/#-install-lets-encrypt

Code:
mkdir /opt/certbot
cd /opt/certbot
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto

Code:
./certbot-auto

The command will then tell you that "no names were found in your configuration files" and ask if it shall continue; please choose "no" here, as the certs will be created by ISPConfig.
Hello oNdsen, thanks for your reply. However, I have already set it up as mentioned in that tutorial, but the problem that I run into is the following: the certs are generated correctly in the /etc/letsencrypt directory, but the symlinks that were generated by ISPConfig were misnamed. ISPConfig has done the following:
create a symlink from: /etc/letsencrypt to: /var/www/example.com/ssl/example.com-le{.crt, .key}
declare them in the nginx vhost falsely as: /var/www/example.com/ssl/example.com{.crt, .key}
You see, without the (-le). So what do you think?
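The mismatch described in the post above (symlinks created as example.com-le.crt/.key while the nginx vhost points at example.com.crt/.key) can be confirmed with a check like the following. This is an added example, not part of the thread and not ISPConfig code; the function name check_vhost_certs and the one-directive-per-line vhost layout are assumptions.

```shell
#!/bin/sh
# Added example (not ISPConfig code): list every ssl_certificate and
# ssl_certificate_key path in an nginx vhost file and flag paths that do not
# resolve to a file. For a missing path it also looks for the "-le" sibling
# name described in the post above (example.com.crt vs example.com-le.crt).

check_vhost_certs() {
    # $1 = path to the nginx vhost file (assumed: one directive per line).
    # Commented-out directives are skipped because the match is anchored.
    sed -n 's/^[[:space:]]*\(ssl_certificate\(_key\)\{0,1\}\)[[:space:]]\{1,\}\([^;]*\);.*/\1 \3/p' "$1" |
    {
        bad=0
        while read -r directive path; do
            if [ -e "$path" ]; then      # -e follows symlinks, so a dangling link fails
                echo "OK $directive $path"
                continue
            fi
            bad=1
            # Build the "-le" variant: example.com.crt -> example.com-le.crt
            sibling="${path%.*}-le.${path##*.}"
            if [ -e "$sibling" ]; then
                echo "MISMATCH $directive $path (exists as $sibling)"
            elif [ -L "$path" ]; then
                echo "DANGLING $directive $path -> $(readlink "$path")"
            else
                echo "MISSING $directive $path"
            fi
        done
        [ "$bad" -eq 0 ]                 # status 0 only if every path resolved
    }
}

# Run against a vhost file when one is given on the command line.
if [ -n "${1:-}" ]; then check_vhost_certs "$1"; fi
```

A MISMATCH line means the certificate files exist but under a different name than the vhost declares, which is the situation reported above.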
Ah, I see, looks like a bug. When I check the bugtracker, JanThiel has already opened an issue: https://git.ispconfig.org/ispconfig/ispconfig3/issues/4307 He already tried a hotfix, but without luck.
Thanks for the link. I also did the same as this hotfix but also got other things broken with nginx, so I reverted the changes and we will wait then.
His hotfix cannot work. I posted the hotfix already yesterday here: https://www.howtoforge.com/community/threads/lets-encrypt-on-ispconfig-3-1-1-will-not-work.74484/
Not sure if I should start a new thread or not? But while trying to enable https with a test domain, I get the following errors in the /var/log/letsencrypt/letsencrypt.log file. But DNS and A record is fine... Any ideas? Thanks...

2016-10-28 12:37:08,422:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: www.lumpyjunk.com
Type: unauthorized
Detail: Invalid response from http://www.lumpyjunk.com/.well-known/acme-challenge/9b7sC9L1bUCsIFbZispSZLNG7-LbMsmEQLcdSrMEByA: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <ht"

Domain: lumpyjunk.com
Type: unauthorized
Detail: Invalid response from http://lumpyjunk.com/.well-known/acme-challenge/kyA0cdLQA12Itgr7RI2cWvE646S7XpaQ2tsBTiVGukU: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <ht"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2016-10-28 12:37:08,422:INFO:certbot.auth_handler:Cleaning up challenges
2016-10-28 12:37:08,422:DEBUG:certbot.plugins.webroot:Removing /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/kyA0cdLQA12Itgr7RI2cWvE646S7XpaQ2tsBTiVGukU
2016-10-28 12:37:08,423:DEBUG:certbot.plugins.webroot:Removing /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/9b7sC9L1bUCsIFbZispSZLNG7-LbMsmEQLcdSrMEByA
2016-10-28 12:37:08,423:INFO:certbot.plugins.webroot:Unable to clean up challenge directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
2016-10-28 12:37:08,423:DEBUG:certbot.plugins.webroot:Error was: [Errno 39] Directory not empty: '/usr/local/ispconfig/interface/acme/.well-known/acme-challenge'
2016-10-28 12:37:08,424:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 776, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 563, in obtain_cert
    action, _ = _auth_from_domains(le_client, config, domains, lineage)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 100, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 281, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 253, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 78, in get_authorizations
    self._respond(resp, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 135, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 199, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. www.lumpyjunk.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.lumpyjunk.com/.well-known/acme-challenge/9b7sC9L1bUCsIFbZispSZLNG7-LbMsmEQLcdSrMEByA: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <ht", lumpyjunk.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://lumpyjunk.com/.well-known/acme-challenge/kyA0cdLQA12Itgr7RI2cWvE646S7XpaQ2tsBTiVGukU: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Looks like the A record of lumpyjunk.com doesn't point to the correct server. Can you please verify that lumpyjunk.com and also www.lumpyjunk.com are pointing to the correct server IP address?
Your issue is not related to this thread. Please take a look at the FAQ first https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ and after you have ensured that you use ISPConfig 3.1.1 already and that all domains and subdomains are reachable from outside, then make a new thread.
lumpyjunk.com and www.lumpyjunk.com both point to the same IP and are resolvable via Google DNS:

root@web2:~/.local/share/letsencrypt/bin# nslookup www.lumpyjunk.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: www.lumpyjunk.com
Address: 216.252.64.38