fail on renew with "No such file or directory: 'usr/local/ispconfig/interface/acme'" message

Discussion in 'Installation/Configuration' started by kmchen, Feb 19, 2020.

  1. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes and no. That the logs are in that directory is correct, but your system seems to have stopped logging quite some time ago. Either you disabled logging or there is an issue on your server.

    But it seems as if the bind mount for the website log directory is missing, otherwise you would see the logs in the website log dir as well.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I can't, never seen that on any ISPConfig system. Probably either something in ISPConfig was changed or these files were changed.

    The vhost file looks fine as far as I can see.

    Do you have any file with '-le' in the file name in etc/apache2/sites-enabled/ or etc/apache2/sites-available/ or any filenames with .err file ending?
     
  3. kmchen

    kmchen Member

    About logs, how do I control access.log with ISPCONFIG? (I don't see any customLog directives in the generated vhosts, nor any related parameters in the ISPCONFIG site definitions.)
    --
    http://joomla-development.eu is redirected to https://joomla-development.eu, which shows the contents of another website hosted on the same server (mon-voyage-a-cuba.com)!
    The domain points on the right server:
    Code:
    kmc@kmcs:~$ nslookup joomla-development.eu
    Server:         212.166.211.4
    Address:        212.166.211.4#53
    
    Non-authoritative answer:
    Name:   joomla-development.eu
    Address: 94.23.227.123

    If I stop apache on ks307144 (94.23.227.123), joomla-development.eu does not work anymore, so it is directed to and managed on that server, right?
    If I restart apache after manually disabling joomla-development.eu, http://joomla-development.eu (no https) still works and is redirected to https://mon-voyage-a-cuba.com!

    Code:
    ks307144 sites-available > rm ../sites-enabled/100-joomla-development.eu.vhost
    ks307144 sites-available > ll /etc/apache2/sites-enabled/*joomla-development*
    ls: impossible d'accéder à '/etc/apache2/sites-enabled/*joomla-development*': Aucun fichier ou dossier de ce type
    
    So there is a conf in apache that applies to the domain joomla-development.eu and leads to mon-voyage-a-cuba.com ?!
    --
    About the proxies you asked me earlier, there are no proxies on joomla-development.eu but I use https://www.cloudflare.com/ for mon-voyage-a-cuba.com. Do you think this may have something to do with the problem I encounter ?
    --
    Another domain needed its certs renewed. It was working correctly, except for the yellow lock in the Firefox address bar. I followed your proposal to renew it with ISPCONFIG: certbot delete -d webologix.com, then uncheck SSL and letsencrypt in the ISPCONFIG site definition, save, then re-check them, save again, and now webologix.com is redirected to mon-voyage-a-cuba.com, like joomla-development.eu.
    So that problem is caused when trying to renew certificates with ISPCONFIG.
     
    Last edited: Mar 2, 2020
  4. kmchen

    kmchen Member

    I completely removed the letsencrypt data, deleted joomla-development in ispconfig, then recreated it and rebuilt the website from my local copy. Now the domain http://joomla-development.eu does not redirect to https anymore! Great.
    But the alias still does not work:
    Code:
    ks307144 web >  ll /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/
    total 4
    -rwxr-xr-x 1 ispconfig ispconfig 45 juil. 26  2019 empty.dir
    -rw-r--r-- 1 root      ispconfig  0 mars  15 11:47 mytest.txt

    http://joomla-development.eu works, but http://joomla-development.eu/.well-known/acme-challenge/mytest.txt still gives 404.
    Please help !
     
  5. Steini86

    Steini86 Active Member

    Do you have any other rewrite/redirect on that domain? i.e. is there a .htaccess file in the web root (post pls)? For example a rewrite that changes everything to a subfolder? Some people do that and forget to exclude the .well-known folder. Your rewrite should look something like this (note the exception for .well-known):
    Code:
     RewriteEngine On
     RewriteCond %{REQUEST_URI} !\.well-known/acme-challenge
     RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
     RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
     
  6. kmchen

    kmchen Member

    Since Till's post #16 I understood that there is a global Apache alias in ispconfig that redirects all .well-known/acme-challenge directory for any domain to a unique /usr/local/ispconfig/interface/acme/.well-known/acme-challenge directory. How could a .htaccess be accessed in that configuration ?
    In doubt I deleted the .htaccess file with no more luck.

    I also did the following test in the website root directory:
    Code:
    ks307144 web > mkdir -p .well-known/acme-challenge
    ks307144 web > touch .well-known/acme-challenge/mytest.txt

    and then http://joomla-development.eu/.well-known/acme-challenge/mytest.txt gives a blank page, but ISPCONFIG still gives a WARNING - could not verify the domain when I check ISPCONFIG's SSL letsencrypt for that domain.
    So I still can't make any certificate with ISPCONFIG and THE GLOBAL APACHE ALIAS DOESN'T WORK.

    Till, are you sure the Apache alias you use works on the Apache version I have:
     
    Last edited: Mar 15, 2020
  7. Steini86

    Steini86 Active Member

    Was that with the .htaccess in place? If there is a redirect, these get cached. You should for each test open a new incognito tab of your browser to ensure there is no caching issue.

    The global alias is in file /etc/apache2/sites-enabled/000-ispconfig.conf
    If you did not mess with that file it should work. I still suspect your htaccess file
     
  8. kmchen

    kmchen Member

    Yes .htaccess in place, from another browser, after clearing its cache, I get the white page.
    At what level(s) can there be a redirection cache ?

    The alias looks OK:
    Code:
    ks307144 web > grep challenge /etc/apache2/sites-enabled/000-ispconfig.conf
    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
    
    If you know about that alias how could the .htaccess be reached on that url ?o_O
     
    Last edited: Mar 15, 2020
  9. Steini86

    Steini86 Active Member

    A .htaccess file overwrites global settings and is valid for all of its subfolders. So if there is a htaccess file it could negate the global alias.
    Create a new test site (for example an unused subdomain) without any content and get a letsencrypt certificate. Does this work?

    This is also configured in the same 000-ispconfig.conf file. Could be that there is a problem of this file not being read by Apache
    What is the output of "apache2ctl configtest"? Should be
    Code:
    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73
    Syntax OK
     
  10. kmchen

    kmchen Member

    Created test.joomla-development.eu same error 404 when creating SSL cert
    Code:
    ks307144 ~ > apache2ctl configtest
    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-apps.vhost:7
    Syntax OK
    
    No access.log created on the new subdomain:
    Code:
    ks307144 ~ > ll /var/log/ispconfig/httpd/test.joomla-development.eu
    total 0
    -rw-r--r-- 1 root root 0 mars  16 09:27 error.log
     
  11. Steini86

    Steini86 Active Member

    Strange. Looks like ispc config file is not being processed (?)
    Does it work if you insert the alias to your individual web config:
    Code:
    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    Have you done any manual changes to the configuration files? You could try doing a reconfigure services, but that will overwrite your changes.
     
  12. kmchen

    kmchen Member

    Adding the alias in the vhost doesn't solve the problem. (Ispconfig erases any changes when saving config, anyway).

    Until the renewal problem appeared, I don't remember having made any manual changes. Since it appeared I tried different manual modifications and finally completely deleted the vhost with ispconfig and rebuilt it from scratch, including upload of the original scripts from a local copy.
    Here is the conf I have now:
    Code:
    ks307144 ~ > cat /etc/apache2/sites-available/joomla-development.eu.vhost
    
    <Directory /var/www/joomla-development.eu>
                    AllowOverride None
                                    Require all denied
                    </Directory>
    
    <VirtualHost *:80>
    
                                            DocumentRoot /var/www/clients/client1/web17/web
    
                    ServerName joomla-development.eu
                    ServerAlias www.joomla-development.eu
                    ServerAdmin [email protected]
    
                    ErrorLog /var/log/ispconfig/httpd/joomla-development.eu/error.log
    
                    Alias /error/ "/var/www/joomla-development.eu/web/error/"
                    ErrorDocument 400 /error/400.html
                    ErrorDocument 401 /error/401.html
                    ErrorDocument 403 /error/403.html
                    ErrorDocument 404 /error/404.html
                    ErrorDocument 405 /error/405.html
                    ErrorDocument 500 /error/500.html
                    ErrorDocument 502 /error/502.html
                    ErrorDocument 503 /error/503.html
    
                    <IfModule mod_ssl.c>
                    </IfModule>
    
                    <Directory /var/www/joomla-development.eu/web>
                                    # Clear PHP settings of this website
                                    <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                                                    SetHandler None
                                    </FilesMatch>
                                    Options +FollowSymLinks
                                    AllowOverride All
                                                                    Require all granted
                                                    </Directory>
                    <Directory /var/www/clients/client1/web17/web>
                                    # Clear PHP settings of this website
                                    <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                                                    SetHandler None
                                    </FilesMatch>
                                    Options +FollowSymLinks
                                    AllowOverride All
                                                                    Require all granted
                                                    </Directory>
    
    
    
    
                    # suexec enabled
                    <IfModule mod_suexec.c>
                            SuexecUserGroup web17 client1
                    </IfModule>
                    <IfModule mod_fastcgi.c>
                                    <Directory /var/www/clients/client1/web17/cgi-bin>
                                                                                    Require all granted
                                                                        </Directory>
                                    <Directory /var/www/joomla-development.eu/web>
                                            <FilesMatch "\.php[345]?$">
                                                    SetHandler php-fcgi
                                            </FilesMatch>
                                    </Directory>
                                    <Directory /var/www/clients/client1/web17/web>
                                            <FilesMatch "\.php[345]?$">
                                                    SetHandler php-fcgi
                                            </FilesMatch>
                                    </Directory>
                    Action php-fcgi /php-fcgi virtual
                                    Alias /php-fcgi /var/www/clients/client1/web17/cgi-bin/php-fcgi-*-80-joomla-development.eu
                    FastCgiExternalServer /var/www/clients/client1/web17/cgi-bin/php-fcgi-*-80-joomla-development.eu -idle-timeout 300 -socket /var/lib/php7.0-fpm/web17.sock -pass-header Authorization  -pass-header Content-Type
                    </IfModule>
                    <IfModule mod_proxy_fcgi.c>
                            #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web17.sock|fcgi://localhost//var/www/clients/client1/web17/web/$1
                            <Directory /var/www/clients/client1/web17/web>
                                    <FilesMatch "\.php[345]?$">
                                                    SetHandler "proxy:unix:/var/lib/php7.0-fpm/web17.sock|fcgi://localhost"
                                    </FilesMatch>
                            </Directory>
                            </IfModule>
    
    
    
                    # add support for apache mpm_itk
                    <IfModule mpm_itk_module>
                            AssignUserId web17 client1
                    </IfModule>
    
                    <IfModule mod_dav_fs.c>
                    # Do not execute PHP files in webdav directory
                            <Directory /var/www/clients/client1/web17/webdav>
                                    <ifModule mod_security2.c>
                                            SecRuleRemoveById 960015
                                            SecRuleRemoveById 960032
                                    </ifModule>
                                    <FilesMatch "\.ph(p3?|tml)$">
                                            SetHandler None
                                    </FilesMatch>
                            </Directory>
                            DavLockDB /var/www/clients/client1/web17/tmp/DavLock
                            # DO NOT REMOVE THE COMMENTS!
                            # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
                            # WEBDAV END
                    </IfModule>
    </VirtualHost>
    
    Which services should I reconfigure, and how? Do you mean dpkg-reconfigure? I don't care about any changes I may have made.
    I tried to make certificate manually with certbot. It seemed to work:
    Code:
    Obtaining a new certificate
    Created an SSL vhost at /etc/apache2/sites-available/joomla-development.eu.vhost-le-ssl.conf
    Deploying Certificate to VirtualHost /etc/apache2/sites-available/joomla-development.eu.vhost-le-ssl.conf
    Enabling available site: /etc/apache2/sites-available/joomla-development.eu.vhost-le-ssl.conf
    
    But https://joomla-development.eu/ shows SSL_ERROR_RX_RECORD_TOO_LONG
     
    Last edited: Mar 17, 2020
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    This makes the site unmanageable, so you can't use ISPConfig for this site anymore now until you remove the config that LE created. In case you want to continue this thread to find the reason for your SSL issue, then the first thing is to undo the changes certbot made by removing all apache config files with le-ssl in their name in /etc/apache2/sites-available/ and /etc/apache2/sites-enabled/
     
  14. kmchen

    kmchen Member

    Removed all le-ssl files in the apache confs.
    Deleted all letsencrypt certificates too.
    Now, trying to check the SSL and LETSENCRYPT checkboxes in the ISPCONFIG site conf, I get this in the logs, as before:
    Code:
    7.03.2020-09:39 - WARNING - Could not verify domain joomla-development.eu, so excluding it from letsencrypt request.
    17.03.2020-09:39 - WARNING - Could not verify domain www.joomla-development.eu, so excluding it from letsencrypt request.
    17.03.2020-09:39 - WARNING - Let's Encrypt SSL Cert for: joomla-development.eu could not be issued.
    
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    Have you disabled the let's encrypt check checkbox under system > server config?
     
  16. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You might also see what is returned from
    Code:
    grep -R acme-challenge /etc/apache2
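
The checks suggested up to this point in the thread (the global alias in 000-ispconfig.conf, leftover le-ssl or .err files, and a .htaccess rewrite without the .well-known exception) can be run in one pass. This is an added example, not part of any poster's message and not ISPConfig's own code; the function names audit_acme and make_demo and the sample tree they build are constructed for illustration.

```bash
#!/bin/sh
# Added example. Every path created by make_demo is constructed sample data.

# audit_acme APACHE_DIR [WEBROOT...]  -> prints one finding per line
audit_acme() {
    apache_dir=$1; shift
    # 1. The global alias must exist in a file Apache actually loads.
    if ! grep -RqsE '^[[:space:]]*Alias[[:space:]]+/\.well-known/acme-challenge' \
            "$apache_dir/sites-enabled"; then
        echo "MISSING_ALIAS $apache_dir/sites-enabled"
    fi
    # 2. Files left by certbot's Apache installer (-le-ssl) or .err files.
    find "$apache_dir/sites-available" "$apache_dir/sites-enabled" \
        \( -name '*-le-ssl*' -o -name '*.err' \) 2>/dev/null | sort |
        while read -r f; do echo "LEFTOVER $f"; done
    # 3. .htaccess files with rewrite rules and no challenge-path exception.
    for root in "$@"; do
        f="$root/.htaccess"
        [ -f "$f" ] || continue
        if grep -qiE '^[[:space:]]*RewriteRule' "$f" &&
           ! grep -q 'well-known/acme-challenge' "$f"; then
            echo "HTACCESS_NO_EXCEPTION $f"
        fi
    done
}

# Build a throwaway tree: alias present, one certbot leftover,
# one web root with the exception and one without (all constructed).
make_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/apache2/sites-available" "$d/apache2/sites-enabled" \
             "$d/web_ok" "$d/web_bad"
    printf 'Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge\n' \
        > "$d/apache2/sites-enabled/000-ispconfig.conf"
    : > "$d/apache2/sites-available/example.test.vhost-le-ssl.conf"
    printf 'RewriteEngine On\nRewriteRule ^(.*)$ /sub/$1 [L]\n' > "$d/web_bad/.htaccess"
    printf 'RewriteEngine On\nRewriteCond %%{REQUEST_URI} !\\.well-known/acme-challenge\nRewriteRule ^(.*)$ https://example.test/$1 [R=301,L]\n' \
        > "$d/web_ok/.htaccess"
    echo "$d"
}

demo=$(make_demo)
audit_acme "$demo/apache2" "$demo/web_ok" "$demo/web_bad"
rm -rf "$demo"
```

On a real server the arguments would be /etc/apache2 and the site web roots; each finding is something to review, not proof of the cause.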
     
  17. kmchen

    kmchen Member

    I can't find any letsencrypt checkbox in system > server config > ks307144.kimsufi.com. See the attached screen capture.
    Where can I switch the interface to English?

    @jesse:
    Code:
    ks307144 sites-available > grep -R acme-challenge /etc/apache2
    /etc/apache2/sites-enabled/100-mon-voyage-a-cuba.com.vhost:             RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
    /etc/apache2/sites-enabled/000-ispconfig.conf:Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    /etc/apache2/sites-enabled/000-ispconfig.conf:<Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
    /etc/apache2/sites-available/mon-voyage-a-cuba.com.vhost:               RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
    /etc/apache2/sites-available/ligamen.fr.vhost:          RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
    /etc/apache2/sites-available/ligamen.fr.vhost:          RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
    /etc/apache2/sites-available/joomla-development.eu.vhost.bak:           RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
    /etc/apache2/sites-available/webologix.com.vhost.bak:           RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
    /etc/apache2/sites-available/ispconfig.conf:Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    /etc/apache2/sites-available/ispconfig.conf:<Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
    
     


  18. till

    till Super Moderator Staff Member ISPConfig Developer

    Look at the 'web' tab of the form.
     
  19. kmchen

    kmchen Member

    Skip Lets Encrypt Check is unchecked.

    If there is no way to make ISPCONFIG renew my Letsencrypt certificates, why can't I re-create certs with certbot ?
     
    Last edited: Mar 18, 2020
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    Then enable that option and then try to enable le in that site again.
     
