Hostname certificate

Discussion in 'Installation/Configuration' started by Alex21, Jan 27, 2021.

  1. Alex21

    Alex21 New Member

    Hello,

    server: vps debian 10 buster
    ISPConfig version 3.2.2

    During installation (new installation), ISPConfig tried to set a Let's Encrypt certificate for the hostname (for panel, mail and ftp access).
    Hostname provided by the vendor of the machine, without my modifications.
    Operation failed with this error message:

    Checking / creating certificate for <FQDN>
    Using certificate path /etc/letsencrypt/live/<FQDN>
    Using apache for certificate validation
    Issuing certificate seems to have succeeded but /usr/local/ispconfig/interface/ssl/ispserver.crt seems to be missing.
    Falling back to self-signed.
    Generating RSA private key, 4096 bit long modulus (2 primes)
    etc. etc.


    Then, using the ISPConfig panel, I tried to add a new domain equal to <FQDN>
    with Let's Encrypt certificate.

    Domain added regularly.

    Now what happens:

    https://<FQDN> has a valid certificate and there is the welcome page.

    https://<FQDN>:8080 does not have a valid certificate. There is always the self-signed one. The ISPConfig panel works.

    Can it be solved?

    Greetings
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Do check if /etc/letsencrypt/live/<FQDN> really exists, as I am suspecting it does not exist and the false message could be due to a bug already opened in the git. In any event, try running the ispconfig_update.sh --force command, reconfigure all services and choose creating SSL again, and see the result.
     
  3. Alex21

    Alex21 New Member

    Thanks for the reply. I am done with these results.
    root@<FQDN>:/etc# cd /letsencrypt
    bash: line 0: cd: /letsencrypt: No such file or directory.

    You were right, it doesn't exist.

    Update stable does not work.
    root@<FQDN>:~# ispconfig_update.sh --force
    Select update method (stable,nightly,git-develop) [stable]: <- Enter
    error:
    Unable to retrieve version file.

    Update git-develop works.
    root@<FQDN>:~# ispconfig_update.sh --force
    Select update method (stable,nightly,git-develop) [stable]: git-develop <- Enter
    Reconfigure Permissions in master database? (yes,no) [no]:
    Reconfigure Services? (yes,no,selected) [yes]:
    ...
    ...
    ...
    Updating ISPConfig
    ISPConfig Port [8080]:

    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    Checking / creating certificate for <FQDN>
    Using certificate path /root/.acme.sh/<FQDN>
    Using apache for certificate validation
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]:
    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]:
    Reconfigure Crontab? (yes,no) [yes]:
    Updating Crontab

    Restarting services ...
    Update finished.


    Now the panel has one valid certificate.
    I have not tested with ftp and mail connections.
    But can I risk installing live sites with the development version of ISPConfig?

    Greetings
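
Added example (not part of any post in this thread and not ISPConfig's own code): a shell check that classifies the panel certificate file named in the installer output above as missing, unreadable, expired, self-signed or CA-issued, and does the same for the certificate a listener such as port 8080 actually serves. Treating "subject equals issuer" as self-signed is a heuristic, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Default path is the one printed by the installer in the thread.
PANEL_CERT="${PANEL_CERT:-/usr/local/ispconfig/interface/ssl/ispserver.crt}"

# cert_field FILE subject|issuer -> that name in RFC 2253 form (empty on error)
cert_field() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" 2>/dev/null |
        sed -e 's/^[a-z]*= *//'
}

# cert_status FILE -> missing | unreadable | expired | self-signed | ca-issued
cert_status() {
    # -e follows symlinks, so a dangling symlink is reported as missing too.
    [ -e "$1" ] || { echo missing; return; }
    subject=$(cert_field "$1" subject)
    issuer=$(cert_field "$1" issuer)
    [ -n "$subject" ] || { echo unreadable; return; }
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif [ "$subject" = "$issuer" ]; then
        # Heuristic: identical names mean the certificate was issued to itself.
        echo self-signed
    else
        echo ca-issued
    fi
}

# served_status HOST PORT -> same classification for the certificate the
# listener really presents (needs network access to HOST:PORT).
served_status() {
    tmp=$(mktemp) || return 1
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$tmp" 2>/dev/null
    cert_status "$tmp"
    rm -f "$tmp"
}

# Usage (hostname is a placeholder):
#   cert_status "$PANEL_CERT"
#   served_status host.example.test 443
#   served_status host.example.test 8080
```

If the file is `ca-issued` but port 8080 still reports `self-signed`, the listener is using a different file or has not been restarted since the certificate changed.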



     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You are trying /letsencrypt, not /etc/letsencrypt.
     
  5. Alex21

    Alex21 New Member

    I have tried correctly, it seems to me.
    I also searched the directory with smarTTY. The file wasn't there.
    Greetings
     
  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    You can but you don't have to. Run the same command again, choose stable, reconfigure services and say no to create SSL certs.
     
  7. Alex21

    Alex21 New Member

    Does not work. How to upgrade from stable to stable:
    Select update method (stable,nightly,git-develop) [stable]: <- Enter
    Unable to retrieve version file.

    Boh, we'll see. Thanks anyway.
    Greetings
     
  8. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    No worries, simply follow the blog post for updating to ISPConfig 3.2.2.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Seems as if your server is not able to connect to the internet.
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You have not. Ahrasis and Th0m showed the correct command.
     
