Hello, how are you? I hope very well.

During today using https://mail.sutiendaonline.com.ar:8080/login I saw my server as insecure.

Certificate: Fri, 01 Apr 2022 18:45:31 GMT until Mon, 29 Mar 2032 18:45:31 GMT

So I updated ISPConfig because "ISPConfig 3.2 and newer versions have Let's encrypt for all services builtin", with the following results:

Create new ISPConfig SSL certificate (yes,no) [no]: yes

Yes, because "Let's encrypt for all services builtin"

Checking / creating certificate for mail.sutiendaonline.com.ar
Using certificate path /etc/letsencrypt/live/mail.sutiendaonline.com.ar
Using apache for certificate validation
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py", line 6, in <module>
    import logging.handlers
  File "/usr/lib/python2.7/logging/__init__.py", line 26, in <module>
    import sys, os, time, cStringIO, traceback, warnings, weakref, collections
  File "/usr/lib/python2.7/weakref.py", line 14, in <module>
    from _weakref import (
ImportError: cannot import name _remove_dead_weakref
Issuing certificate via certbot failed. Please check log files and make sure that your hostname can be verified by letsencrypt
Could not issue letsencrypt certificate, falling back to self-signed.
Generating a RSA private key
..............................................................................................................................................++++
................++++
writing new private key to '/usr/local/ispconfig/interface/ssl/ispserver.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AR
State or Province Name (full name) [Some-State]:Buenos Aires
Locality Name (eg, city) []:Capital Federal
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SOFIHA
Organizational Unit Name (eg, section) []:Internet
Common Name (e.g. server FQDN or YOUR name) []:mail.sutiendaonline.com.ar
Email Address []:[email protected]
Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y
Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: y
Reconfigure Crontab? (yes,no) [yes]:
Updating Crontab
Restarting services ...
Update finished.

root@mail:~# /usr/local/bin/certbot --version
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py", line 6, in <module>
    import logging.handlers
  File "/usr/lib/python2.7/logging/__init__.py", line 26, in <module>
    import sys, os, time, cStringIO, traceback, warnings, weakref, collections
  File "/usr/lib/python2.7/weakref.py", line 14, in <module>
    from _weakref import (
ImportError: cannot import name _remove_dead_weakref

root@mail:~# /opt/eff.org/certbot/venv/bin/certbot --version
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/certbot", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py", line 6, in <module>
    import logging.handlers
  File "/usr/lib/python2.7/logging/__init__.py", line 26, in <module>
    import sys, os, time, cStringIO, traceback, warnings, weakref, collections
  File "/usr/lib/python2.7/weakref.py", line 14, in <module>
    from _weakref import (
ImportError: cannot import name _remove_dead_weakref

And ...

ln -s /opt/eff.org/certbot/venv/bin/certbot /usr/local/bin/certbot
(symbolic link '/usr/local/bin/certbot': File exists)

root@mail:~# type -a certbot
certbot is /usr/local/bin/certbot

Question? Would you help me, please!

Thanks
Nestor Mazza
You might try the certbot package from backports, I don't know how old it will be. Consider updating to a current Debian version and you know you will have a current certbot package to go with it (still install from backports I would suspect).
You must remove the old certbot by deleting:

/usr/local/bin/certbot
/opt/eff.org

and then install a recent certbot version via snap by following the instructions from https://certbot.eff.org/instructions?ws=apache&os=debianbuster

Just run steps 1 - 6 (incl 6).
All steps (only 1 to 6) are OK! I created a NEW certificate for mail.sutiendaonline.com.ar and it shows as INSECURE, not working yet.

Thanks
Nestor Mazza
mail.sutiendaonline.com.ar: now it is OK, it is SECURE.
sutiendaonline.com.ar, www.sutiendaonline.com.ar: INSECURE.

I'll check the logs and let me show you the results.

Note:
Hostname is mail
Domain is sutiendaonline.com.ar
I used these two names for the server.

hostname -f
mail.sutiendaonline.com.ar

If I use the fully qualified domain it works fine, but if I use another domain it shows as INSECURE.

Thanks
Nestor Mazza
ISPConfig login is done through the hostname only, so it is secured on mail.sutiendaonline.com.ar and not on sutiendaonline.com.ar when connecting to port 8080. This means your setup is working fine again if you can connect on the hostname with a secured SSL cert to ISPConfig but not any other domain or subdomain.
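The behaviour described in the last reply, as an added example that is not part of the thread or of ISPConfig: a browser accepts a certificate only for the names listed in it, so a certificate issued for the server hostname fails for every other domain that points at port 8080. The sample certificate is constructed, in the shape Python's `getpeercert()` returns, and assumes the new certificate lists only the hostname; the function names are illustrative.

```python
import socket
import ssl

# Constructed sample: a certificate issued only for the server hostname.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.sutiendaonline.com.ar"),),),
    "subjectAltName": (("DNS", "mail.sutiendaonline.com.ar"),),
}

def cert_dns_names(cert):
    """DNS names a certificate is valid for; commonName only if no DNS SAN exists."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, hostname):
    """RFC 6125-style match: '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def coverage(cert, hostnames):
    """Map each hostname to True if the certificate is valid for it."""
    names = cert_dns_names(cert)
    return {h: any(name_matches(n, h) for n in names) for h in hostnames}

def fetch_cert(host, port=8080, timeout=5):
    """Live variant (needs network): the chain-verified certificate served to `host`."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # keep chain validation, skip the name check we do ourselves
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    hosts = ["mail.sutiendaonline.com.ar", "sutiendaonline.com.ar",
             "www.sutiendaonline.com.ar"]
    for host, ok in coverage(SAMPLE_CERT, hosts).items():
        print(f"{host:32} {'covered' if ok else 'NOT covered (browser warning)'}")
```

To check a running server, pass the result of `fetch_cert("mail.sutiendaonline.com.ar")` to `coverage()` instead of the sample; a self-signed fallback certificate makes `fetch_cert` raise a verification error before any name check.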