Letsencrypt not working anymore

Discussion in 'General' started by Gixxa, Mar 20, 2019.

  1. Gixxa

    Gixxa New Member

    So it looks like ISConfig is not working correct for me.

    What happens is the same as in this video that I found:



    I can activate it when I create a new site but it will not keep the activation. The certificate will be generated but it will just not be activated afterwards. If I do it again cerbot just shows me this:

    What have I done?:

    I have updatet certbot-auto like this:

    Also tried Debian apt-get install certbot-auto but it's the same problem.

    I also downloaded the newest version of ISPConfig (3.1.13p1), ran the update.php again and said yes to every question except create a new certificate. Still no luck.

    Is there a fix for this or am I doing something wrong?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Are the domains listed in the renewal config file of that cert in /etc/letsencrypt/renewal/yourdomain.tld.conf after the line [[webroot_map]]?
     
    Rahmat Ali likes this.
  3. Gixxa

    Gixxa New Member

    Yes they are.

    Edit:

    I just tried it again with a different subdomain and it seems to work there.

    The site I am trying to create was in use once as a demo-site but was deleted about a month ago.
     
    Last edited: Mar 20, 2019
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  5. Gixxa

    Gixxa New Member

    @Taleman

    The problem is that the certificates are being created however from what I can tell ISPConfig will not create the symlinks for /var/www/domain/ssl. If I look under /etc/letsencrypt/live/domain I see:

    cert.pem -> ../../archive/domain/cert1.pem
    chain.pem -> ../../archive/domain/chain1.pem
    fullchain.pem -> ../../archive/domain/fullchain1.pem
    privkey.pem -> ../../archive/domain/privkey1.pem
    README

    So Let's Encrypt seems to work since it does so with other newly creted domains. It's just this one old domain I used a few months back and I'm reusing now where some element is not working. I've also deleted everything with the domain and created it again in ISPConfig and it still will not work.

    This is the log output of letsencrypt.log after I click on "Let's Encrypt SSL" and "SSL" again:

    From what I can tell this tells me that it looks more like an ISPConfig problem?
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What makes you arrive at this conclusion?

    Did you also delete all files for that domain in /etc/letsencrypt/ ?
    There is also this in the log you posted:
    I notice you have not revealed what operating system you are running.
     
  7. Gixxa

    Gixxa New Member

    The fact that the certificates are being created and everything works on other domains. It's just this one old domain that ISPConfig will not allow to activate Let's Encrypt, even though the certs are there. I can also delete the certificates and they will be generated again with no problem. ISPConfig will not allow the setting of the SSL and Let's Encrypt checkbox. I've tried to disable the LE check and everything from your link to no avail.

    Yes. I did an "updatedb" and a "locate domain" to find everything releated to that domain. So everything was deleted from the server.

    As I've said in the first post I've already tried with "apt-get install certbot-auto", same result.

    Indeed it seems I forgot to say the version of Debian. It's Debian 9.8 and everything is up to date.
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Did you previously use LE installed from outside Debian? Have you removed the other version of letsencrypt before doing apt-get install certbot? If you have two version of letsencrypt on your host, it causes problems. Anyway, the log message states you have too old version of the program.
     
  9. Gixxa

    Gixxa New Member

    No.

    Of course I did.

    Yeah I realize that but that is not the problem, considering any other domain will work without a problem. The renewal also works with zero problems. I'll update it in a few days when I run my usual server maintenance.

    Edit:

    So I just removed the old certbot and installed the os package:

     
    Last edited: Mar 21, 2019
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the ispconfig debug output, not the letsencrypt.log.
     
  11. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You might try 'grep -R domain /etc/letsencrypt' and see if the domain is listed in any of the renewal/*.conf files.

    You mentioned above that you removed all files for the domain, but this log message shows domain.conf here, so either you did not remove them all or it was created again with a different certbot version (stretch has 0.28.0). I'd remove all the domain files again, and check for multiple versions of certbot/letsencrypt being installed.

    If you update to certbot 0.31 or greater you'll want to check that the domain is listed under webroot_map in the renewal .conf file as @till mentioned above, and/or update ISPConfig to git-stable, which has a fix to work correctly there.
     
    Last edited: Mar 21, 2019
    till likes this.

Share This Page