Hey together,

after a new setup I tried to set up these sites over Websites -> Create new Website:

web.-, mail.-, cloud.-, support.-, wiki.-, community.-, domain.tld

All just working fine with SSL, LE SSL, http to https - but not mail. Rewrite and SSL ok - if I try to activate LE and save, ISPConfig shows the task, after some time it's finished - checking the cert shows the newest created LE SSL (cloud.domain.tld).

Checked:
all A Records pointing to the master (web)
DNS Lookup is good
all http to https rewrites working fine
All Domains have active SSL and rewrite and showing with the ip to "*"
nothing in LE cert log files - really - nooothing for this setup try
nothing in /var/log/ispconfig/*

Setup: Debian 9.5 + PHP7.0 - 5 Multi Server Setup

Any idea out there?

Best regards
Frankenstein

P.S. Found something trippy in dmesg:

Code:
[15648.045405] apache2[13885]: segfault at 7ff0e00dc7a0 ip 00007ff0e00dc7a0 sp 00007fffbecaef88 error 14 in mod_alias.so[7ff0e2b9f000+4000]
[16382.820991] apache2[15838]: segfault at 7f2a847527a0 ip 00007f2a847527a0 sp 00007ffc5a02a9c8 error 14 in libexpat.so.1.6.2[7f2a87820000+27000]
[16497.723602] apache2[16287]: segfault at 7f6c013c57a0 ip 00007f6c013c57a0 sp 00007fff7da3efc8 error 14 in libexpat.so.1.6.2[7f6c04493000+27000]
[16607.403390] apache2[16914]: segfault at 7f8c373497a0 ip 00007f8c373497a0 sp 00007ffedbf47b88 error 14 in libexpat.so.1.6.2[7f8c3a417000+27000]
[16907.369340] apache2[18829]: segfault at 7f1e5d1c97a0 ip 00007f1e5d1c97a0 sp 00007fff7d667888 error 14 in libexpat.so.1.6.2[7f1e60297000+27000]
Unfortunately not helpful for me

Code:
/var/log/ispconfig/ispconfig.log
01.10.2018-18:12 - WARNING - Could not verify domain mail.domain.tld, so it excludes fromencrypt request.
01.10.2018-18:12 - WARNING - Let's Encrypt SSL Cert for: mail.domain.tld could not be issued.
01.10.2018-18:12 - WARNING -

nothing in /var/log/ispconfig/httpd/mail.domain.tld/error.log and in auth.log just 5 connects from safari
The subdomain is excluded as it is not reachable from the server. ISPConfig does what LE is doing to verify the domain, it puts a token file into the LE token directory and then it tries to reach it by http. When dns is ok and you are sure that it propagated to all dns caches, then you might check if this subdomain is set in the /etc/hosts file on this server and pointed to a wrong IP.
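The /etc/hosts mismatch described in the reply above can be checked mechanically. This is an added example, not part of the original thread and not ISPConfig's code; the IP addresses and the public A-record table are constructed sample data (in practice, fill the table from an external resolver and read the real /etc/hosts).

```python
import ipaddress

# Constructed sample data (not from the thread), documentation-range IPs.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
# internal mail gateway
198.51.100.25  mail.domain.tld mail
192.0.2.10     web.domain.tld web   # master
::1            localhost ip6-localhost
"""
# Assumed public A records, as an outside validator would resolve them.
SAMPLE_PUBLIC_A = {
    "mail.domain.tld": {"192.0.2.10"},
    "web.domain.tld": {"192.0.2.10"},
    "cloud.domain.tld": {"192.0.2.10"},
}


def parse_hosts(text):
    """Map each lower-cased name in hosts-file text to the set of its IPs."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address field, skip the line
        for name in fields[1:]:  # canonical name plus aliases
            table.setdefault(name.lower().rstrip("."), set()).add(ip)
    return table


def find_overrides(hosts_text, public_records):
    """Return {name: (hosts_ips, public_ips)} where the hosts file disagrees with DNS."""
    local = parse_hosts(hosts_text)
    mismatches = {}
    for name, public_ips in public_records.items():
        local_ips = local.get(name.lower().rstrip("."))
        # Only names pinned locally to an address outside the public set matter.
        if local_ips and local_ips.isdisjoint(public_ips):
            mismatches[name] = (sorted(local_ips), sorted(public_ips))
    return mismatches


if __name__ == "__main__":
    for name, (loc, pub) in find_overrides(SAMPLE_HOSTS, SAMPLE_PUBLIC_A).items():
        print(f"{name}: /etc/hosts -> {loc}, public A -> {pub}")
```

A name reported here is one where the server's own HTTP check for the token file goes to a different machine than the public A record points to.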
In the /etc/hosts it's pointing to the mail gateway which is really mail.domain.tld - but the A Record pointing to web which should be the relay for the gateway? (like deb8 multiserver setup).

//edit
Okay - now I know why it would not work

@till I think if the hosting service goes online it should be a wildcard SSL cert like PositiveSSL - Wildcard SSL from Comodo and just LE for customers ^^?
Wildcard ssl is not yet supported by ISPConfig if that is what you mean. Some tips are discussed in here.
When the subdomain is used on the mail server only (for postfix and dovecot) and your mail server is not running a web server like apache or nginx, then you could e.g. create the ssl cert for the mail subdomain on the mail server with certbot manually by using the standalone mode. But standalone mode can only be used when there is no other web server on that system.
So it's ok that the A record is pointing to web.domain.tld - I can create the certificate locally on mail.domain.tld (mailserver) (when there is no running webserver on the mailserver) with certbot standalone - did I understand that correctly?
I have done that, old thread here: https://www.howtoforge.com/community/threads/lets-encrypt-lots-of-errors-in-standalone.79363/