Hi guys,

I've managed to get ISPConfig 3.1 running along with Let's Encrypt - the websites hosted on there are now secured with a free LE SSL certificate, so that is all working GREAT. But I only need to secure my web hosting panel itself (the one on port 8080) with a LE SSL certificate.

I found this guide to do so: https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/

The guide says, "Create a site for your server in ISPConfig panel via Sites > Website > Add new website." - this website domain should be the same as the output of "hostname -f". I have verified that everything is working by going to this hostname, and the ISPConfig default template loads up (which is what I am expecting since I have not actually set up a site here).

So I did that, and then I enabled "Let's Encrypt" for it on the website config, then waited 1 minute for the cronjob to kick over - but nothing happens at all.

/var/log/ispconfig/cron.log isn't showing anything useful - it just shows "Finished", which is what you'd expect to see when everything is running smoothly. error.log is also empty.

Additionally, /var/log/letsencrypt/letsencrypt.log doesn't show anything either - normally when I secure a site with LE SSL, a new "letsencrypt.log" is generated and the current log file is renamed .log.1 and so on - but in this case, absolutely nothing happens.

Where can I troubleshoot why this is going wrong?
Hi till,

The DNS is definitely set correctly - I can access the page from my cellphone over 4G - it shows the default ISPConfig page. The strange thing is there is no log generated in /var/log/letsencrypt - if the domain name of DNS was wrong it would throw an error there.
Use the ISPConfig debug mode to find out what happens when you enable Let's Encrypt for the website.

No, it won't, as ISPConfig checks the domain upfront and excludes it from the LE cert if unreachable.
Right. It’s definitely correct - I checked by using this DNS propagation checker. The correct IP is returned by entering the output of “hostname -f” into it: https://www.whatsmydns.net/ Both the A and AAAA are correct. Is there anything else I can do to check why this is failing?
Hi - now we're getting somewhere, log is below.

First it says "could not verify hostingbox.mycorp.com" - not sure why this is the case, the server has a public IPv4 IP set on it (i.e. it is not using a RFC1928 192. or 10. IP address) and is not using NAT - so DNS resolution should work properly. If I do a "dig hostingbox.mycorp.com 8.8.8.8" (via google DNS) from the terminal, the correct A address is received. This address is the same address that is configured on the primary network adapter of the system.

Any ideas?

Code:
27.04.2018-12:11 - WARNING - Could not verify domain hostingbox.mycorp.com, so excluding it from letsencrypt request.
27.04.2018-12:11 - WARNING - Let's Encrypt SSL Cert for: hostingbox.mycorp.com could not be issued.
27.04.2018-12:11 - WARNING -
27.04.2018-12:11 - DEBUG - SSL Disabled. hostingbox.mycorp.com
27.04.2018-12:11 - DEBUG - Writing the vhost file: /etc/nginx/sites-available/hostingbox.mycorp.com.vhost
27.04.2018-12:11 - DEBUG - Removing symlink: /etc/nginx/sites-enabled/100-hostingbox.mycorp.com.vhost->/etc/nginx/sites-available/hostingbox.mycorp.com.vhost
27.04.2018-12:11 - DEBUG - Creating symlink: /etc/nginx/sites-enabled/100-hostingbox.mycorp.com.vhost->/etc/nginx/sites-available/hostingbox.mycorp.com.vhost
27.04.2018-12:11 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.0/fpm/pool.d/web7.conf
27.04.2018-12:11 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
27.04.2018-12:11 - DEBUG - Restarting php-fpm: systemctl reload php7.0-fpm.service
27.04.2018-12:11 - DEBUG - nginx status is: running
27.04.2018-12:11 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
27.04.2018-12:11 - DEBUG - Checking nginx configuration...
27.04.2018-12:11 - DEBUG - nginx configuration ok!
27.04.2018-12:11 - DEBUG - Restarting httpd: systemctl restart nginx.service
27.04.2018-12:11 - DEBUG - nginx restart return value is: 0
27.04.2018-12:11 - DEBUG - nginx online status after restart is: running
27.04.2018-12:11 - DEBUG - Processed datalog_id 293
27.04.2018-12:11 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
Ok, this is embarrassing. The issue was that I fat-fingered the IP address in /etc/hosts. When I tested using dig & external DNS resolution it showed the correct IP.

What led me to the problem was that I did a "curl hostingbox.mydomain.com" and got no reaction. Then I did a ping "ping hostingbox.mydomain.com" and found the IP address was off by 1 digit (I pressed the wrong key...)

Thanks everyone for your help!
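
Added example, not part of the thread: the mismatch found in the last post (a wrong address in /etc/hosts while public DNS returned the right one) can be checked in one step by comparing both sources. The function names are hypothetical, the check covers IPv4 only, and it assumes the usual resolver order in which the hosts file is consulted before DNS.

```shell
#!/usr/bin/env bash
# Compare the address the server's own hosts file gives for a name with the
# A records returned by a public resolver. A hosts-file entry overrides DNS
# for lookups made on the server itself (assumed order: files, then dns).

# Print the first IPv4 address a hosts file maps NAME to (empty if none).
hosts_file_ip() {
    local name="$1" file="${2:-/etc/hosts}"
    awk -v n="$name" '
        { sub(/#.*/, "") }                 # strip comments
        $1 ~ /^[0-9.]+$/ {                 # IPv4 entries only
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(n)) { print $1; exit }
        }' "$file"
}

# Compare a hosts-file address with a space-separated list of DNS answers.
# Prints a verdict; returns 0 when consistent, 1 on mismatch.
compare_resolution() {
    local name="$1" hosts_ip="$2" dns_ips="$3" ip
    if [ -z "$hosts_ip" ]; then
        echo "OK: no hosts-file entry for $name, DNS answer is used"
        return 0
    fi
    for ip in $dns_ips; do
        if [ "$ip" = "$hosts_ip" ]; then
            echo "OK: hosts file and DNS agree on $hosts_ip for $name"
            return 0
        fi
    done
    echo "MISMATCH for $name: hosts file says $hosts_ip, DNS says ${dns_ips:-nothing}"
    return 1
}

# Live check against a public resolver; needs dig and network access.
check_host() {
    local name="$1" resolver="${2:-8.8.8.8}" dns_ips
    dns_ips=$(dig +short A "$name" "@$resolver" | tr '\n' ' ')
    compare_resolution "$name" "$(hosts_file_ip "$name")" "$dns_ips"
}

# Usage: ./check-resolution.sh "$(hostname -f)"
if [ "$#" -gt 0 ]; then check_host "$@"; fi
```

A MISMATCH result means tools that query DNS directly, such as dig, see a different address than programs on the server that resolve through the system resolver.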