Hello, I installed ISPConfig quite a while ago and now I'm trying to SSL my domain, and I need to verify the ownership of the domain by uploading a file to the directory /public_html/.well-known/acme-challenge/. In my case it's /web/.well-known/acme-challenge/; when doing this I get an error 404. I have checked the page source, which shows the same error. Following other topics, I have changed the VirtualHost from <VirtualHost *:80> to <VirtualHost x.y.z.q:80>. I'm using Google Cloud, which is behind a firewall, so I guess it should look like this: <VirtualHost 10.160.0.2:80> (as an example). But the error still persists; all the hosted sites work perfectly, but I'm unable to verify them by uploading the file. Any suggestions? I appreciate it.
@till I don't know how to do that. I don't have a visual interface. I'm using only the terminal. Trying to upload it via FTP/SFTP but I can't. Any suggestion?
You don't need a visual interface, you can upload it with sftp, but you have to do that as root user. Or you upload it to a website by ftp and then copy the file on the shell as root to the right folder.
Dear @till Thanks for this great product, I have ordered my manual today to support the project! I am having this exact same problem too, I have 4 domains on ISPConfig and for EACH one of them I have the error: Domain: xxxxxxxx Type: unauthorized Detail: Invalid response from LINK TO FILE INSIDE ACME_CHALLENGE (it doesn't let me paste it here) [51.254.163.240]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. The DNS zone is standard, I am sure it has no errors. How can I resolve this, please? Thanks.
Have you tried copying the file to web/.well-known/acme-challenge/? If your problem is the same, the same fix should work. Have you tried getting HTTPS working with your domains by clicking on the Let's Encrypt SSL item in website settings?
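A way to confirm that a file placed in web/.well-known/acme-challenge/ is really the one served for the domain, before requesting a certificate again. This is an added example, not part of any post in this thread; the function name, the ACME_FETCH override and the example.com domain are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for the HTTP-01 path.
# Usage: acme_preflight WEBROOT BASE_URL
#   WEBROOT  - the site's document root (the "web" directory in the thread)
#   BASE_URL - e.g. http://example.com (placeholder domain)
# ACME_FETCH is a hypothetical override for the fetch command (default: curl).
acme_preflight() {
    webroot=$1
    base_url=$2
    fetch=${ACME_FETCH:-curl -fsSL --max-time 10}
    dir="$webroot/.well-known/acme-challenge"
    name="preflight-$$"
    token="probe-$$-$(date +%s)"
    status=1

    # Place a probe file exactly where a challenge file would go.
    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$name" || return 2
    # The web server must be able to read it, as with a real challenge file.
    chmod 644 "$dir/$name"

    url="$base_url/.well-known/acme-challenge/$name"
    if body=$($fetch "$url" 2>/dev/null); then
        if [ "$body" = "$token" ]; then
            echo "OK: $url is served from $dir"
            status=0
        else
            echo "FAIL: $url answered, but not with the probe (another vhost, rewrite or catch-all page)"
        fi
    else
        echo "FAIL: $url not retrievable (404, firewall, or a different document root)"
    fi

    # Remove the probe whatever the outcome.
    rm -f "$dir/$name"
    return $status
}
```

Call it as root with the site's web directory and its plain-HTTP URL; a FAIL line with a 404 means the host answering for that name is not serving from the directory the file was copied to.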
Thanks my friend, first of all, for your reply. In answer to your questions: 1) I am using the automatic procedure from certbot, so issuing the command certbot --apache -d domain should it not place it in the domain's acme-challenge directory itself without any manual intervention? 2) Yes, I have tried that, both options: selecting or deselecting SSL and Let's Encrypt, unfortunately, does not make any difference. Thanks truly for your help.
Try this: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ If, in addition to using ISPConfig to create the certificate, you have run the certbot command manually, you have messed up the certificates. You have to clean the certificate files to get a clean slate.
Thanks @Taleman I have run the procedure detailed in that FAQ page you linked, however the problem still persists. What I find also very weird is that enabling the SSL and Let's Encrypt SSL option in the specific website has no effect at all, as the /var/log/letsencrypt/ remains unaffected (same size) and also, after a short time, the options SSL and Let's Encrypt SSL I saved in Website 1 revert back to not being selected anymore. The letsencrypt.log shows that I seem to have DNS problems, however the sites are working perfectly without SSL and pass DNS tests. I have the same shared IP address across the 4 sites, could this be a problem? When running the ispconfig update script, though, I find this error at the moment of reissuing the main SSL cert: Can't load /root/.rnd into RNG 140059722703296:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd Could this be the culprit? I am running it from inside an OpenVZ VPS container. Thanks.
Are you sure you have followed the Let's Encrypt error FAQ correctly? It should show what the error is. That is a strange statement. Do not care about the size of that directory, look inside if there is a file containing the log for your Let's Encrypt attempt. Code: ls -lth /var/log/letsencrypt/ | head So you have read the Let's Encrypt log? What were the DNS problems? Do the website settings in ISPConfig for all your sites have the same entry in the IP Address field? That is, either "*" or the IP address for all sites? What does this show? Code: ls -lh /root/.rnd Do you run ispconfig_update.sh as root?
Dear @Taleman Thanks a lot for your detailed answers! I was running out of time to ensure that the domains be in a good status for my project, so in the end I decided to start again from scratch, reformatting my VPS and letting ISPConfig deal with Let's Encrypt on its own as it should be. The problem has been solved entirely, I guessed my having used certbot manually must have screwed up several things. Thanks once again for your patience and support. One final question: does ISPConfig also take care of the cert renewals automatically? Thanks