I've just installed ISPConfig on Debian 11:
- Configured a brand new server (hostname, hosts, /network/interfaces)
- Followed the installation instructions on ispconfig-autoinstall-debian-ubuntu:

The install log:

Code:
root@ispconfig:~# wget -O - get.ispconfig.org | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades
--2022-07-28 11:36:39-- get.ispconfig.org/
Resolving get.ispconfig.org (get.ispconfig.org)... 104.26.11.246, 104.26.10.246, 172.67.75.112, ...
Connecting to get.ispconfig.org (get.ispconfig.org)|104.26.11.246|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2004 (2.0K) [application/octet-stream]
Saving to: ‘STDOUT’

- 100%[===================>] 1.96K --.-KB/s in 0s

2022-07-28 11:36:39 (30.3 MB/s) - written to stdout [2004/2004]

WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue: yes
[INFO] Starting perfect server setup for Debian GNU/Linux 11 (bullseye)
[INFO] Checking hostname.
[INFO] Enabling contrib and non-free repositories.
[INFO] Updating packages
[INFO] Updated packages
[INFO] Installing packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, software-properties-common, ntp
[INFO] Installed packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, software-properties-common, ntp
[INFO] Activating rspamd repository.
[INFO] Activating sury php repository.
[INFO] Activating GoAccess repository.
[INFO] Updating packages (after enabling 3rd party repos).
[INFO] Updated packages
[INFO] Default shell is currently dash.
[INFO] Setting bash as default shell.
[INFO] Default shell is now bash.
[INFO] Installing packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, rkhunter, binutils, sudo, getmail
[INFO] Installed packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, rkhunter, binutils, sudo, getmail
[INFO] Installing packages dovecot-imapd, dovecot-pop3d, dovecot-mysql, dovecot-sieve, dovecot-managesieved, dovecot-lmtpd
[INFO] Installed packages dovecot-imapd, dovecot-pop3d, dovecot-mysql, dovecot-sieve, dovecot-managesieved, dovecot-lmtpd
[INFO] Generating mySQL password.
[INFO] Writing MySQL config files.
[INFO] Configuring postfix.
[INFO] Restarting postfix
[INFO] Installing packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, spamassassin, rspamd, redis-server, postgrey, p7zip, p7zip-full, unrar-free, lrzip
[INFO] Installed packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, spamassassin, rspamd, redis-server, postgrey, p7zip, p7zip-full, unrar-free, lrzip
[INFO] Stopping Rspamd.
[INFO] (Re)starting Bind.
[INFO] Disabling spamassassin daemon.
[INFO] Checking local dns resolver.
[INFO] Installing packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
[INFO] Installed packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
[INFO] Installing packages php-pear, php-memcache, php-imagick, mcrypt, imagemagick, libruby, memcached, php-apcu, jailkit, php5.6, php5.6-common, php5.6-gd, php5.6-mysql, php5.6-imap, php5.6-cli, php5.6-mcrypt, php5.6-curl, php5.6-intl, php5.6-pspell, php5.6-recode, php5.6-sqlite3, php5.6-tidy, php5.6-xmlrpc, php5.6-xsl, php5.6-zip, php5.6-mbstring, php5.6-soap, php5.6-opcache, php5.6-cgi, php5.6-fpm, php7.0, php7.0-common, php7.0-gd, php7.0-mysql, php7.0-imap, php7.0-cli, php7.0-mcrypt, php7.0-curl, php7.0-intl, php7.0-pspell, php7.0-recode, php7.0-sqlite3, php7.0-tidy, php7.0-xmlrpc, php7.0-xsl, php7.0-zip, php7.0-mbstring, php7.0-soap, php7.0-opcache, php7.0-cgi, php7.0-fpm, php7.1, php7.1-common, php7.1-gd, php7.1-mysql, php7.1-imap, php7.1-cli, php7.1-mcrypt, php7.1-curl, php7.1-intl, php7.1-pspell, php7.1-recode, php7.1-sqlite3, php7.1-tidy, php7.1-xmlrpc, php7.1-xsl, php7.1-zip, php7.1-mbstring, php7.1-soap, php7.1-opcache, php7.1-cgi, php7.1-fpm, php7.2, php7.2-common, php7.2-gd, php7.2-mysql, php7.2-imap, php7.2-cli, php7.2-curl, php7.2-intl, php7.2-pspell, php7.2-recode, php7.2-sqlite3, php7.2-tidy, php7.2-xmlrpc, php7.2-xsl, php7.2-zip, php7.2-mbstring, php7.2-soap, php7.2-opcache, php7.2-cgi, php7.2-fpm, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm, php7.4, php7.4-common, php7.4-gd, php7.4-mysql, php7.4-imap, php7.4-cli, php7.4-curl, php7.4-intl, php7.4-pspell, php7.4-sqlite3, php7.4-tidy, php7.4-xmlrpc, php7.4-xsl, php7.4-zip, php7.4-mbstring, php7.4-soap, php7.4-opcache, php7.4-cgi, php7.4-fpm, php8.0, php8.0-common, php8.0-gd, php8.0-mysql, php8.0-imap, php8.0-cli, php8.0-curl, php8.0-intl, php8.0-pspell, php8.0-sqlite3, php8.0-tidy, php8.0-xsl, php8.0-zip, php8.0-mbstring, php8.0-soap, php8.0-opcache, php8.0-cgi, php8.0-fpm, php8.1, php8.1-common, php8.1-gd, php8.1-mysql, php8.1-imap, php8.1-cli, php8.1-curl, php8.1-intl, php8.1-pspell, php8.1-sqlite3, php8.1-tidy, php8.1-xsl, php8.1-zip, php8.1-mbstring, php8.1-soap, php8.1-opcache, php8.1-cgi, php8.1-fpm
[INFO] Installed packages php-pear, php-memcache, php-imagick, mcrypt, imagemagick, libruby, memcached, php-apcu, jailkit, php5.6, php5.6-common, php5.6-gd, php5.6-mysql, php5.6-imap, php5.6-cli, php5.6-mcrypt, php5.6-curl, php5.6-intl, php5.6-pspell, php5.6-recode, php5.6-sqlite3, php5.6-tidy, php5.6-xmlrpc, php5.6-xsl, php5.6-zip, php5.6-mbstring, php5.6-soap, php5.6-opcache, php5.6-cgi, php5.6-fpm, php7.0, php7.0-common, php7.0-gd, php7.0-mysql, php7.0-imap, php7.0-cli, php7.0-mcrypt, php7.0-curl, php7.0-intl, php7.0-pspell, php7.0-recode, php7.0-sqlite3, php7.0-tidy, php7.0-xmlrpc, php7.0-xsl, php7.0-zip, php7.0-mbstring, php7.0-soap, php7.0-opcache, php7.0-cgi, php7.0-fpm, php7.1, php7.1-common, php7.1-gd, php7.1-mysql, php7.1-imap, php7.1-cli, php7.1-mcrypt, php7.1-curl, php7.1-intl, php7.1-pspell, php7.1-recode, php7.1-sqlite3, php7.1-tidy, php7.1-xmlrpc, php7.1-xsl, php7.1-zip, php7.1-mbstring, php7.1-soap, php7.1-opcache, php7.1-cgi, php7.1-fpm, php7.2, php7.2-common, php7.2-gd, php7.2-mysql, php7.2-imap, php7.2-cli, php7.2-curl, php7.2-intl, php7.2-pspell, php7.2-recode, php7.2-sqlite3, php7.2-tidy, php7.2-xmlrpc, php7.2-xsl, php7.2-zip, php7.2-mbstring, php7.2-soap, php7.2-opcache, php7.2-cgi, php7.2-fpm, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm, php7.4, php7.4-common, php7.4-gd, php7.4-mysql, php7.4-imap, php7.4-cli, php7.4-curl, php7.4-intl, php7.4-pspell, php7.4-sqlite3, php7.4-tidy, php7.4-xmlrpc, php7.4-xsl, php7.4-zip, php7.4-mbstring, php7.4-soap, php7.4-opcache, php7.4-cgi, php7.4-fpm, php8.0, php8.0-common, php8.0-gd, php8.0-mysql, php8.0-imap, php8.0-cli, php8.0-curl, php8.0-intl, php8.0-pspell, php8.0-sqlite3, php8.0-tidy, php8.0-xsl, php8.0-zip, php8.0-mbstring, php8.0-soap, php8.0-opcache, php8.0-cgi, php8.0-fpm, php8.1, php8.1-common, php8.1-gd, php8.1-mysql, php8.1-imap, php8.1-cli, php8.1-curl, php8.1-intl, php8.1-pspell, php8.1-sqlite3, php8.1-tidy, php8.1-xsl, php8.1-zip, php8.1-mbstring, php8.1-soap, php8.1-opcache, php8.1-cgi, php8.1-fpm
[INFO] Disabling conflicting apache modules.
[INFO] Enabling apache modules.
[INFO] Enabling default PHP-FPM config.
[INFO] Setting default system php version.
[INFO] Installing package phpmyadmin
[INFO] HTTPoxy config.
[INFO] Installing acme.sh (Let's Encrypt).
[INFO] acme.sh (Let's Encrypt) installed.
[INFO] ISPConfig does not yet support mailman3 and mailman2 is no longer available in Debian 11.
[INFO] Installing packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
[INFO] Installed packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
[INFO] Adding quota to fstab.
[INFO] Installing packages pure-ftpd-common, pure-ftpd-mysql, awstats, goaccess, awffull
[INFO] Installed packages pure-ftpd-common, pure-ftpd-mysql, awstats, goaccess, awffull
[INFO] Enabling TLS for pureftpd
[INFO] Disabling awstats cron.
[INFO] Installing packages fail2ban, ufw
[INFO] Installed packages fail2ban, ufw
[INFO] Installing UnattendedUpgrades
[INFO] Installing packages unattended-upgrades, apt-listchanges
[INFO] Installed packages unattended-upgrades, apt-listchanges
[INFO] Installing roundcube.
[INFO] Installing packages roundcube, roundcube-core, roundcube-mysql, roundcube-plugins
[INFO] Installed packages roundcube, roundcube-core, roundcube-mysql, roundcube-plugins
[INFO] Installing ISPConfig3.
[INFO] Adding php versions to ISPConfig.
[INFO] Checking all services are running.
[INFO] mysql: OK
[INFO] clamav-daemon: OK
[INFO] postfix: OK
[INFO] bind9: OK
[INFO] pureftpd: OK
[INFO] apache2: OK
[INFO] rspamd: OK
[INFO] redis-server: OK
[INFO] dovecot: OK
[INFO] Installation ready.
[INFO] Your ISPConfig admin password is: -----
[INFO] Your MySQL root password is: -----
[INFO] Warning: Please delete the log files in /tmp/ispconfig-ai/var/log/setup-* once you don't need them anymore because they contain your passwords!
root@ispconfig:~#

All fine.

I have then configured the server:
Firewall - default entry
DNS - my domain DNS
Customer - Added a new customer
Site - Added a new site (without SSL)

I've then checked the following from the Let's Encrypt FAQ guide:

- Check that you have a Let’s Encrypt client installed. On servers installed before the release of ISPConfig 3.2, this is most likely certbot. On servers installed after the release, it's most likely acme.sh.
  Acme. Checked on installation log above.
- Check that the Let's encrypt client 'certbot' is updated (when using certbot).
  Not using certbot, but acme as above.
- Check that you run the latest ISPConfig version.
  Yes. 3.2.8p1
- When your server is behind a NAT router so that the server itself can not reach the hosted domains, then enable the option "Skip Letsencrypt check" under System -> Server config -> server1.example.com -> Web.
  I'm behind a firewall (pfSense with NAT. Ports 80, 443 and 8080 opened to my server at address 10.0.0.100). Checked "Skip Letsencrypt check".
- If you are using Cloudflare proxy, then you can not get a Let's Encrypt SSL cert. Using Cloudflare DNS (without proxy function enabled) is fine though.
  Not the case.
- Check that all domain names (incl. auto subdomain www etc), subdomains and aliasdomains really point to the right website in DNS and are working. Open one after another in your browser and test that.
  Checked. All point to my static public IP address.
- If you still use Apache 2.2, then update your ispconfig to the latest version with the ispconfig_update.sh script to get an updated vhost template. After you did that, use Tools > resync to apply the new template to all sites or apply it to a single site by altering a value in the site settings and press save, before you try to activate Let’s Encrypt again. This is only necessary on apache 2.2 systems, newer apache 2.4 or nginx systems are not affected.
  Not the case.
- If you updated from ISPConfig < 3.1 to ISPConfig > 3.1 and deselected the "Reconfigure services" option during update (which is selected by default), then Let’s Encrypt will fail as your server is missing the Let’s Encrypt configuration in the ispconfig apache configuration files. Redo the update and choose to reconfigure services in that case.
  Not the case.
- Check that 'Server Migration Mode' option under System > Server Config is not enabled, as migration mode disables the creation of new Let's encrypt certificates.
  Not the case. Unchecked.

Unfortunately, when setting my site to use SSL and Let's Encrypt, the system works and then disables the SSL and Let's Encrypt options with no further information.

There are no /var/log/letsencrypt or /etc/letsencrypt files.

I have no idea what to do next to make SSL work for my sites. Help appreciated.
https://forum.howtoforge.com/threads/please-read-before-posting.58408/
Read all of that and do what it tells you to do. There is a part about LE not working, with further instructions.
Sorry. Have read all threads and FAQs.

Running on Apache:

Code:
Server version: Apache/2.4.54 (Debian)
Server built: 2022-06-09T04:26:43

The htf_report.txt file:

Code:
root@ispconfig:~# cat htf_report.txt

##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 11 (bullseye)
[INFO] uptime: 14:46:38 up 3:17, 1 user, load average: 0.00, 0.00, 0.00
[INFO] memory:
              total        used        free      shared  buff/cache   available
Mem:          3.8Gi       2.0Gi       129Mi        84Mi       1.7Gi       1.5Gi
Swap:         974Mi       9.0Mi       965Mi
[INFO] systemd failed services status:
UNIT LOAD ACTIVE SUB DESCRIPTION
0 loaded units listed.
[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.2.8p1

##### VERSION CHECK #####
[INFO] php (cli) version is 7.4.30
[INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.30

##### PORT CHECK #####

##### MAIL SERVER CHECK #####

##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s): Apache 2 (PID 307087)
[INFO] I found the following mail server(s): Postfix (PID 182776)
[INFO] I found the following pop3 server(s): Dovecot (PID 182796)
[INFO] I found the following imap server(s): Dovecot (PID 182796)
[INFO] I found the following ftp server(s): PureFTP (PID 182887)

##### LISTENING PORTS #####
(only () Local (Address)
[anywhere]:4190 (182796/dovecot)
[anywhere]:993 (182796/dovecot)
[anywhere]:995 (182796/dovecot)
[localhost]:11332 (182783/rspamd:)
[localhost]:11333 (182783/rspamd:)
[localhost]:11334 (182783/rspamd:)
[localhost]:10023 (42346/postgrey)
[anywhere]:587 (182776/master)
[localhost]:11211 (147771/memcached)
[localhost]:6379 (42106/redis-server)
[anywhere]:110 (182796/dovecot)
[anywhere]:143 (182796/dovecot)
[anywhere]:465 (182776/master)
***.***.***.***:53 (183031/named)
***.***.***.***:53 (183031/named)
***.***.***.***:53 (183031/named)
***.***.***.***:53 (183031/named)
***.***.***.***:53 (183031/named)
***.***.***.***:53 (183031/named)
***.***.***.***:53 (183031/named)
***.***.***.***:53 (183031/named)
[localhost]:53 (183031/named)
[localhost]:53 (183031/named)
[localhost]:53 (183031/named)
[localhost]:53 (183031/named)
[localhost]:53 (183031/named)
[localhost]:53 (183031/named)
[localhost]:53 (183031/named)
[localhost]:53 (183031/named)
[anywhere]:21 (182887/pure-ftpd)
[anywhere]:22 (395/sshd:)
[localhost]:953 (183031/named)
[anywhere]:25 (182776/master)
*:*:*:*::*:4190 (182796/dovecot)
*:*:*:*::*:993 (182796/dovecot)
*:*:*:*::*:995 (182796/dovecot)
*:*:*:*::*:11332 (182783/rspamd:)
*:*:*:*::*:11333 (182783/rspamd:)
*:*:*:*::*:11334 (182783/rspamd:)
*:*:*:*::*:10023 (42346/postgrey)
*:*:*:*::*:3306 (182122/mariadbd)
*:*:*:*::*:587 (182776/master)
*:*:*:*::*:6379 (42106/redis-server)
[localhost]10 (182796/dovecot)
[localhost]43 (182796/dovecot)
*:*:*:*::*:8080 (307087/apache2)
*:*:*:*::*:80 (307087/apache2)
*:*:*:*::*:8081 (307087/apache2)
*:*:*:*::*:465 (182776/master)
*:*:*:*::*:21 (182887/pure-ftpd)
*:*:*:*::*:53 (183031/named)
*:*:*:*::*:53 (183031/named)
*:*:*:*::*:53 (183031/named)
*:*:*:*::*:53 (183031/named)
*:*:*:*::*:53 (183031/named)
*:*:*:*::*:53 (183031/named)
*:*:*:*::*:53 (183031/named)
*:*:*:*::*:53 (183031/named)
*:*:*:*::*5422:90ff:fe5f:53 (183031/named)
*:*:*:*::*5422:90ff:fe5f:53 (183031/named)
*:*:*:*::*5422:90ff:fe5f:53 (183031/named)
*:*:*:*::*5422:90ff:fe5f:53 (183031/named)
*:*:*:*::*5422:90ff:fe5f:53 (183031/named)
*:*:*:*::*5422:90ff:fe5f:53 (183031/named)
*:*:*:*::*5422:90ff:fe5f:53 (183031/named)
*:*:*:*::*5422:90ff:fe5f:53 (183031/named)
*:*:*:*::*:22 (395/sshd:)
*:*:*:*::*:25 (182776/master)
*:*:*:*::*:953 (183031/named)
*:*:*:*::*:443 (307087/apache2)

##### IPTABLES #####
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all -- [anywhere]/0 [anywhere]/0
ufw-before-input all -- [anywhere]/0 [anywhere]/0
ufw-after-input all -- [anywhere]/0 [anywhere]/0
ufw-after-logging-input all -- [anywhere]/0 [anywhere]/0
ufw-reject-input all -- [anywhere]/0 [anywhere]/0
ufw-track-input all -- [anywhere]/0 [anywhere]/0

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward all -- [anywhere]/0 [anywhere]/0
ufw-before-forward all -- [anywhere]/0 [anywhere]/0
ufw-after-forward all -- [anywhere]/0 [anywhere]/0
ufw-after-logging-forward all -- [anywhere]/0 [anywhere]/0
ufw-reject-forward all -- [anywhere]/0 [anywhere]/0
ufw-track-forward all -- [anywhere]/0 [anywhere]/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- [anywhere]/0 [anywhere]/0
ufw-before-output all -- [anywhere]/0 [anywhere]/0
ufw-after-output all -- [anywhere]/0 [anywhere]/0
ufw-after-logging-output all -- [anywhere]/0 [anywhere]/0
ufw-reject-output all -- [anywhere]/0 [anywhere]/0
ufw-track-output all -- [anywhere]/0 [anywhere]/0

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:137
ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:138
ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:139
ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:445
ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:67
ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:68
ufw-skip-to-policy-input all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8
ufw-user-forward all -- [anywhere]/0 [anywhere]/0

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0
ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 ctstate INVALID
DROP all -- [anywhere]/0 [anywhere]/0 ctstate INVALID
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp spt:67 dpt:68
ufw-not-local all -- [anywhere]/0 [anywhere]/0
ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:5353
ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:1900
ufw-user-input all -- [anywhere]/0 [anywhere]/0

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0
ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ufw-user-output all -- [anywhere]/0 [anywhere]/0

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0 ctstate INVALID limit: avg 3/min burst 10
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type LOCAL
RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type MULTICAST
RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10
DROP all -- [anywhere]/0 [anywhere]/0

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- [anywhere]/0 [anywhere]/0

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- [anywhere]/0 [anywhere]/0

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 ctstate NEW
ACCEPT udp -- [anywhere]/0 [anywhere]/0 ctstate NEW

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:110
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:143
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:465
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:587
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:993
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:995
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:3306
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:4190
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8081
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 multiport dports 40110:40210
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT all -- [anywhere]/0 [anywhere]/0 reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination

##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh
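Let's Encrypt HTTP-01 validation arrives on port 80, so a report like the one above can be checked for a non-loopback listener and a matching ufw accept rule on the web ports. This is an added example, not part of the thread or of ISPConfig: `port_status` and `sample_report` are hypothetical helper names, the sample lines are constructed to mirror the report's layout, and a pass here says nothing about the NAT device in front of the server.

```shell
#!/bin/sh
# Added example (not from the thread). Reads an htf_report.txt-style report and
# says, for one TCP port, whether a non-loopback listener exists and whether the
# ufw-user-input chain accepts it. The field layout is assumed from the report.

# port_status REPORT PORT  -> prints "listening=yes|no allowed=yes|no"
# REPORT may be "-" to read the report from standard input.
port_status() {
    awk -v port="$2" '
        /^#####/  { section = $0; next }   # "##### LISTENING PORTS #####" etc.
        /^Chain / { chain = $2; next }     # "Chain ufw-user-input (1 references)"

        # Listener lines look like "<address>:<port> (<pid>/<name>)".
        section ~ /LISTENING PORTS/ && $2 ~ /^\(/ {
            n = split($1, parts, ":")
            # Loopback-only listeners are not reachable by the validator.
            if (parts[n] == port && $1 !~ /^\[localhost\]/) listening = 1
            next
        }

        # Only TCP ACCEPT rules in the ufw user chain are counted.
        section ~ /IPTABLES/ && chain == "ufw-user-input" && $1 == "ACCEPT" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                if ($i == ("dpt:" port)) allowed = 1
                # multiport ranges such as 40110:40210 (comma lists are not handled)
                if ($(i-1) == "dports" && split($i, r, ":") == 2 &&
                    port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) allowed = 1
            }
        }

        END {
            printf "listening=%s allowed=%s\n",
                   (listening ? "yes" : "no"), (allowed ? "yes" : "no")
        }
    ' "$1"
}

# Constructed sample in the same layout as the report (not the real data).
sample_report() {
    cat <<'EOF'
##### LISTENING PORTS #####
[anywhere]:22 (395/sshd:)
[localhost]:6379 (42106/redis-server)
*:*:*:*::*:80 (307087/apache2)
*:*:*:*::*:443 (307087/apache2)
##### IPTABLES #####
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-input all -- [anywhere]/0 [anywhere]/0
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 multiport dports 40110:40210
Chain ufw-user-limit (0 references)
target prot opt source destination
EOF
}

# Stand-alone run: report the ports the certificate request depends on.
for p in 80 443; do
    echo "port $p: $(sample_report | port_status - "$p")"
done
```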
From the LE FAQ (https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/) "What if the above steps don't help? Enable the ISPConfig debug mode by following the steps from this guide: https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/"