Hi, Im running a multiserver setup on Debian 10 (Buster) and ISPConfig 3.2.5 on all of them. I have installed a new webserver last week, and this server is also Debian 10 / ISPConfig 3.2.5. But this server is installed using the auto install script. It has installed acme.sh instead of certbot witch is just fine. But now I can't make a certificate for my webstites. I only got this error message using loglevel debug and server.sh: This goes for all domains on the same server. I have testet, and double/triple testet that there is connection from internet to webserver, and on both port 80 and on port 443. So my question is, where can I find the logs for acme.sh ? Cant find anything about it in the /root/.acme.sh/ or the /var/log folder. This new server is joined a multi server setup, and it does not have ispconfig webinterface installed. I only have webinterface on another server. So I only have the this in the log in interface -> "Unable to read logfile" Another thing is, where can I find the script for making logs before I post on this forum ? I renember you have some kind of script to collect logs. Cant seem to find it in the forum. Please sent a link to me so I can use it next time. Best regards Mr. Madsen
The error message means that the domains could not be resolved from your server, so it's not an acme.sh error, its a test that is made before acme.sh is called. Is the server behind a NAT router? If yes, enable the skip letsencrypt check checkbox under system > server config > web in ISPConfig.
Hi Till, Yes, Im aware of that. But the domain IS resolvable from the server: Code: root@webX1:/var/log/# dig domain.dk ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> domain.dk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62849 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: a2fa6a857d15fab0815f602e60d99b7e56658f23dd29c76a (good) ;; QUESTION SECTION: ;domain.dk. IN A ;; ANSWER SECTION: domain.dk. 83 IN A xxx.xxx.xxx.xx9 ;; AUTHORITY SECTION: domain.dk. 78363 IN NS ns1.dnsprovider.dk. domain.dk. 78363 IN NS ns2.dnsprovider.dk. domain.dk. 78363 IN NS ns3.dnsprovider.dk. ;; Query time: 6 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Jun 28 11:50:54 CEST 2021 ;; MSG SIZE rcvd: 159 Yes, of course the server is beind a NAT router. I have other webservers (ISPConfig) they do not have this issue, they are also beind a NAT router and they do not have "skip letsencrypt check checkbox" checked. I would just like to se a log from acme.sh so I can troubleshoot it further. Where can I find a log from acme.sh ? Best regards Mr. Madsen
My wording was not quite right, with resolvable, I did not mean DNS resolving. What ISPConfig does is that it tries to reach the domain name by HTTP to see if it can access a file in the same way that Let#s encrypt uses for verification and if that fails, then the domain gets excluded to avoid that. Try to disable the skip letsencrypt check checkbox, then enable Let#s encrypt in the website again and press save. You can not troubleshoot that by using acme.sh log as acme.sh is not even executed as the domains can't be reached by ISPConfig. Please see FAQ: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
Hi Till, Thank you, now I understand the issue, its working now. Thanks so mutch for the great support Another guestion, how do I access goaccess ? Its installed altso. Best regards Mr. Madsen
it's in the /stats/ folder of the website. Must be enabled for that site though and takes 24 hours until first stats get generated (the site must receive web traffic to generate stats).
