Hello all, I recently moved my complete ISPConfig to a new server and most things are working fine (as far as I can tell atm...). But I do have a problem with Lets Encrypt: I added a new website in ISPConfig and turned on Lets Encrypt, but nothing happens. Strange thing is that I don't see anything appear in the Lets Encrypt logs (I looked in /var/log/letsencrypt/letsencrypt.log). Is that the correct file to look for Lets Encrypt errors? What could be the issue here? Thanks in advance!
I tried Lets Encrypt using cli to see if I get an error, and I did:

Code:
root@SERVER:~/.local/share/letsencrypt/bin# ./certbot certonly --webroot -w /var/www/SUB.MYDOMAIN.COM -d SUB.MYDOMAIN.COM
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):info@mydomain.com
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: a
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: n
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for SUB.MYDOMAIN.COM
Using the webroot path /var/www/SUB.MYDOMAIN.COM for all unmatched domains.
Cleaning up challenges
Encountered exception during recovery
[Errno 2] No such file or directory: '/var/www/SUB.MYDOMAIN.COM/.well-known/acme-challenge/CBUx_02pbvck39BQsMXMFK3PV_2XWpFmC66qyn4Rxbc'
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/error_handler.py", line 99, in _call_registered
    self.funcs[-1]()
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 284, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/webroot.py", line 222, in cleanup
    os.remove(validation_path)
OSError: [Errno 2] No such file or directory: '/var/www/SUB.MYDOMAIN.COM/.well-known/acme-challenge/CBUx_02pbvck39BQsMXMFK3PV_2XWpFmC66qyn4Rxbc'
("Couldn't create root for {0} http-01 challenge responses: {1}", u'SUB.MYDOMAIN.COM', OSError(13, 'Permission denied'))

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

It seems it cannot create .well-known or something? Also when I go to http://sub.mydomain.com/.well-known/acme-challenge/test.html I get a 403 error file not found, while I created the dirs and the test.html

Edit: This error also shows in the letsencrypt.log when I use the cli to issue a cert, but not when I enable Lets Encrypt in ISPConfig.
Do not use the cli, it conflicts with ISPConfig and will disable this domain for use in ISPConfig. Besides that, you used a wrong path so LE could not find its token. Back to your original problem: to find out why you can't activate LE in ISPConfig, see ispconfig log and letsencrypt log.
Hello Till, Normally I'm not using cli to get a cert but I just wanted to see an error. Both the ispconfig log and the lets encrypt log show nothing.
Please enable debug log level in ISPConfig, then comment out the server.sh cronjob in the root crontab (crontab -e) command. Then enable the LE checkbox in the website again and finally run the server.sh script on the shell and post the output that you get there.
Till, Enabling the debug log level made the server stop working :S Not reachable on SSH anymore and while apache2 has the status "running", I can't connect to it anymore.
Hmm, the debug level can not cause this. But you said you moved the ispconfig install from another server. Is it possible that you did not change the network settings under system > server config and now by activating the log level, you instructed ispconfig to reconfigure the network card by confirming the old IP address etc. which is on the same form? If this happened, you will have to connect to the server on a rescue console or otherwise directly and change the network settings back to the correct values in the network config file (/etc/network/interfaces on Debian and Ubuntu).
Thanks @till that was the problem indeed! Now I got these errors in the ispconfig.log:

Code:
12.06.2017-18:52 - WARNING - Could not verify domain sub.mydomain.com, so excluding it from letsencrypt request.
12.06.2017-18:52 - WARNING - Let's Encrypt SSL Cert for: sub.mydomain.com could not be issued.

Which is quite strange because all the DNS records for that domain should be fine. Nothing in the Lets Encrypt log though.
Keep getting this error:

Code:
13.06.2017-09:35 - WARNING - Could not verify domain sub.domain.com, so excluding it from letsencrypt request.
13.06.2017-09:35 - WARNING - Let's Encrypt SSL Cert for: sub.domain.com could not be issued.

While I do have an A record in the DNS for this sub domain. Nothing appears in the letsencrypt.log when I try to issue a cert, only in the ispconfig.log
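
Added example, not part of the thread and not ISPConfig or Certbot code: a pre-flight check for the http-01 precondition discussed above, namely that a file written under the webroot's .well-known/acme-challenge/ directory is served back unchanged at the matching URL. The function names and the local stand-in web server (`serve`) are assumptions made for this illustration.

```python
import http.server
import os
import secrets
import threading
import urllib.error
import urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"


def check_http01(webroot, base_url, timeout=5):
    """Write a probe under webroot, fetch it over HTTP, return (ok, detail)."""
    token = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    path = os.path.join(directory, token)
    try:
        os.makedirs(directory, exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    except OSError as exc:  # e.g. errno 13, as in the Certbot output above
        return False, "cannot write probe: %s" % exc
    url = "%s/%s/%s" % (base_url.rstrip("/"), CHALLENGE_DIR, token)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
        if served == body:
            return True, "200 and body matches"
        return False, "200 but body differs (another vhost or a rewrite answered)"
    except urllib.error.HTTPError as exc:  # the server answered with an error status
        return False, "HTTP %d from %s" % (exc.code, url)
    except (urllib.error.URLError, OSError) as exc:
        return False, "no HTTP answer: %s" % exc
    finally:
        os.remove(path)  # never leave probe files behind in the webroot


def serve(directory):
    """Constructed stand-in web server: serve `directory` on a free local port."""
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    httpd = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd, "http://127.0.0.1:%d" % httpd.server_address[1]
```

Against a real site, pass the vhost's document root and its http:// URL; a 404 usually means the path given is not the directory the web server actually serves, and a 403 usually means file permissions or a deny rule.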