i'm a long term ispconfig user (since version 2). I recently deceided to switch my server from Debian8 to a recent version. I chose to do a new install and use the migration Tool (already purchased) to transfer Data. I've installed a fresh Debian10 as a Proxmox LXC on a Hetzner Server. Following the Perfect Server Setup twice, i ran into the same error at the point where Letsencrypt (acme.sh)gets involved: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: Checking / creating certificate for isp.zerosub.de Using certificate path /etc/letsencrypt/live/isp.zerosub.de Using apache for certificate validation Issuing certificate seems to have succeeded but /usr/local/ispconfig/interface/ssl/ispserver.crt seems to be missing. Falling back to self-signed. Generating RSA private key, 4096 bit long modulus (2 primes) The hostname is configured properly (etc/hosts and /etc/hostname), the IP is pointing to the right machine and the DNS records are set. I can not find the problem. Even when i go further, letsenrypt is not able to issue any certificate(through the Webinterface). To me there seems to be a problem with the acme.sh Doing ispconfig_update.sh --force results in the same error. Could there be something wrong with the acme.sh implementation in the recent setup?
When you went through the Let's Encrypt error faq, what were the results? As an aside, how did you install Proxmox on Hetzner server? I have dedicated server there and have so far failed to install Proxmox VE 6.3 properly.
i went through all checks without any fail. Certbot is not installed as i'm having acme.sh (fresh install). Then in the end i'm told to check /var/log/letsencrypt - doesn't exist (would it if not using certbot?). Then "Debugging of ISPConfig 3 server actions in case of a failure" doesn't make much sense to me (please tell me if i'm wrong)as my only problem is letsencrypt. The rest of the system is doing very well. As for Proxmox - that's the reason i'm still on version 5.4-15. Had the same problems with V6. Sorry for not beeing much help here.
Referring to the debugging output and log file is how you determine what is failing. Good question, I don't know. If acme.sh does log to a different file, the faq should be revised to note that.
The log is here: /root/.acme.sh/acme.sh.log ISPConfig uses acme.sh so when debugging ISPConfig, you will see eventual errors from acme.sh.
Thanx Th0m, but /root/.acme.sh/acme.sh.log doesn't exist. I'm stuck. It's not the first time i've installed ispconfig, and for the last 6 Years i've always used Debian LXC's on a Proxmox host. Is it really just me ho has this problem in the actual install?
It could be /usr/local/ispconfig/server/scripts/acme.sh.log aswell.. Again, you can do the debugging as I told you in #5. It will show you what is going wrong.
So, i just let the whole thing sit for a while ... Without any changes, i startet ispconfig_update.sh --force again, and it went through without any glitches. Acme.sh did it's job and the certificate has been issued. Very strange ... But now that the new machine is up and running, the migration script had problems copying the databases: mysqldump: Couldn't execute 'SHOW FUNCTION STATUS WHERE Db = 'c6znodewp'': Cannot load from mysql.proc. The table is probably corrupted (1728) Any hints to where i should dig for this?
i'm trying to get some of the transferred Websites up and running, but acme.sh is still giving me a hard time. I disabled and reeenabled ssl in the Webinterface of ISPCONFIG - with no luck. The Letsencrypt Log in the webinterface is empty. I can't find any logfile to the script telling me what's wrong. Under the .acme.sh/www.domain.com/ path are all the certificates and keys, ISPCONFIG just seems to ignore them. I've marked "Skip Lets Encrypt Check" with no luck ... What is messed up here? It's a fresh install according to the howto? Update: in the ISPC-C Cron Log: Tue Feb 9 15:54:15 UTC 2021 /root/.acme.sh/acme.sh: line 5502: /var/www/clients/client4/web4/ssl/clientdomain.com-le.key: No such file or directory So where is the part which is not linking / copying the keys correctly?
Please see this FAQ to debug issues with LE certs: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
Really? Again? Did that five times ... Come on give me a hint. I wanted to support you guys, that's why i bought the migration tool. Now that it doesn't work, i'm alone?
that seems to have done the trick. The migration tool copied over the old keys and somehow the acme.sh script was not able to overwrite them. This btw. is NOT mentioned anywhere in any of the nice FAQs you where pointing me at. Going for a walk now to cool down.
We are trying to help you out here - as we do on this forum almost every day of the week, and usually quicker than a paid professional or your hosting provider would help you out. I don't understand why you get so frustrated at us when we are trying to help you out. I'm glad you resolved your problem, thanks for getting back and sharing it so others might be helped with it if they experience the same problem.
The FAQ instructed you to enable debug mode as the last step. You have not done that (5 times?) or at least, you have not posted the result and without that info which shows why and which cert is chosen for a website, we can only guess what's wrong. So the solution was in the FAQ, you just did not follow it. and as @Thom mentioned, you received fast support here when I read the thread, so really no reason to post such complaints. The source of your problem is that you have chosen to install different LE clients on the old and new system. ame.sh can't read or import le certs from certbot and certbot can't import certs from acme.sh
You're both right. I don't have the right to complain here. Sorry, i just followed the "perfect server tutorial" as everybody suggested.
