Hi everyone, I configured ISPConfig 3.2.8p1 with the NGINX web server on Debian 11. On one of the sites "Let's Encrypt" stopped working; no matter what I do it doesn't want to turn on, and I can't understand why. I need your help! Thanks.
Just follow the Let's Encrypt FAQ checklist from start to end to find out why LE refuses to issue a Let's Encrypt cert: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/
None of the above was in the FAQ. I am reporting a recurring error where "Let's Encrypt" stops working when adding a subdomain, or at the moment when you remove the use of "Let's Encrypt", and after that this function does not turn on. However, the certificate continues to work without the feature enabled.
The FAQ is for the exact issue you have, so please start following it now. Here again the link: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ Follow every single step incl. the last one, which instructs you to post the debug output which I don't see anywhere in your answer.
I did everything, tell me how to publish the debug output?
Code:
root@vps:~# /usr/local/ispconfig/server/server.sh
finished server.php.
The output shows that you did not enable debug mode yet. Please follow all steps from the debug guide and do not leave out some steps. The debug log level must be enabled under system > server config. Then you check the Let's Encrypt checkbox of the website and save, run server.sh as root user and post the result that you get on the screen.
Sorry, I saw, here is the debug code:
Code:
14.08.2022-13:39 - DEBUG [plugins.inc:155] - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
14.08.2022-13:39 - DEBUG [server:177] - Found 1 changes, starting update process.
14.08.2022-13:39 - DEBUG [plugins.inc:118] - Calling function 'ssl' from plugin 'nginx_plugin' raised by event 'web_domain_update'.
14.08.2022-13:39 - DEBUG [plugins.inc:118] - Calling function 'update' from plugin 'nginx_plugin' raised by event 'web_domain_update'.
14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: chattr -i '/var/www/clients/client1/web1' - return code: 0
14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: chattr +i '/var/www/clients/client1/web1' - return code: 0
14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: df -T '/var/www/clients/client1/web1'|awk 'END{print $2,$NF}' - return code: 0
14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: setquota -u 'web1' '0' '0' 0 0 -a &> /dev/null - return code: 0
14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: setquota -T -u 'web1' 604800 604800 -a &> /dev/null - return code: 0
14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: chattr +i '/var/www/clients/client1/web1' - return code: 0
14.08.2022-13:40 - WARNING - Could not verify domain feedback.ua, so excluding it from letsencrypt request.
14.08.2022-13:40 - WARNING - Could not verify domain www.feedback.ua, so excluding it from letsencrypt request.
14.08.2022-13:40 - WARNING - Let's Encrypt SSL Cert for: feedback.ua could not be issued.
14.08.2022-13:40 - WARNING -
14.08.2022-13:40 - DEBUG [db mysql.inc:521] - NON-String given in escape function! (boolean)
14.08.2022-13:40 - DEBUG [nginx plugin.inc:1394] - Enable SSL for: feedback.ua
14.08.2022-13:40 - DEBUG [system.inc:2399] - safe_exec cmd: nginx -V 2>&1 | grep 'built with OpenSSL' | sed 's/.*built\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/' - return code: 0
14.08.2022-13:40 - DEBUG [system.inc:2399] - safe_exec cmd: nginx -V 2>&1 | grep 'running with OpenSSL' | sed 's/.*running\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/' - return code: 0
14.08.2022-13:40 - DEBUG [system.inc:2399] - safe_exec cmd: which 'nginx' 2> /dev/null - return code: 0
14.08.2022-13:40 - DEBUG [nginx plugin.inc:1623] - Enable TLS 1.3 for: feedback.ua
14.08.2022-13:40 - DEBUG [nginx plugin.inc:1916] - Writing the vhost file: /etc/nginx/sites-available/feedback.ua.vhost
14.08.2022-13:40 - DEBUG [nginx plugin.inc:3042] - Writing the PHP-FPM config file: /etc/php/7.4/fpm/pool.d/web1.conf
14.08.2022-13:40 - DEBUG [services.inc:56] - Calling function 'restartPHP_FPM' from module 'web_module'.
14.08.2022-13:40 - DEBUG [system.inc:2082] - Trying to use Systemd to restart service
14.08.2022-13:40 - DEBUG [system.inc:2399] - safe_exec cmd: systemctl is-enabled 'php7.4-fpm' 2>&1 - return code: 0
14.08.2022-13:40 - DEBUG [web module.inc:316] - Restarting php-fpm: systemctl reload php7.4-fpm.service
14.08.2022-13:40 - DEBUG [nginx plugin.inc:2017] - nginx status is: running
14.08.2022-13:40 - DEBUG [services.inc:56] - Calling function 'restartHttpd' from module 'web_module'.
14.08.2022-13:40 - DEBUG [system.inc:2082] - Trying to use Systemd to restart service
14.08.2022-13:40 - DEBUG [system.inc:2399] - safe_exec cmd: systemctl is-enabled 'nginx' 2>&1 - return code: 0
14.08.2022-13:40 - DEBUG [web module.inc:236] - Checking nginx configuration...
14.08.2022-13:40 - DEBUG [web module.inc:239] - nginx configuration ok!
14.08.2022-13:40 - DEBUG [web module.inc:246] - Restarting httpd: systemctl restart nginx.service
14.08.2022-13:40 - DEBUG [nginx plugin.inc:2020] - nginx restart return value is: 0
14.08.2022-13:40 - DEBUG [nginx plugin.inc:2027] - nginx online status after restart is: running
14.08.2022-13:40 - DEBUG [modules.inc:240] - Processed datalog_id 321
14.08.2022-13:40 - DEBUG [server:217] - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished server.php.
Here you have your issue: The error means that either the domains do not point to the server in DNS (the FAQ mentions that you should check this), which means they cannot be reached and therefore no LE cert can be issued, or your server is behind a NAT router that blocks access from the server to the domains, which means you must disable the Let's Encrypt check. Both points are mentioned in the Let's Encrypt FAQ btw. So now do the steps from LE error FAQ and verify that the domains are really pointing to the right server in DNS (check the IPv4 and IPv6 records) and also disable Let's Encrypt checkbox if your system is behind a router.
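The DNS check described in the reply above, as an added example that is not part of the original thread and is not ISPConfig code: it pulls the excluded domains out of the debug output and flags any A or AAAA record that does not belong to the server. The function names and the addresses 192.0.2.10 and 2001:db8::10 are assumed placeholders; the log sample is constructed from the warning lines posted above.

```python
import ipaddress
import re
import socket

# Constructed sample: the three warning lines from the debug output in this thread.
SAMPLE_LOG = """\
14.08.2022-13:40 - WARNING - Could not verify domain feedback.ua, so excluding it from letsencrypt request.
14.08.2022-13:40 - WARNING - Could not verify domain www.feedback.ua, so excluding it from letsencrypt request.
14.08.2022-13:40 - WARNING - Let's Encrypt SSL Cert for: feedback.ua could not be issued.
"""
EXCLUDED = re.compile(r"WARNING - Could not verify domain (\S+?), so excluding it")

def excluded_domains(log_text):
    """Return the domains dropped from the Let's Encrypt request, in log order."""
    seen = []
    for match in EXCLUDED.finditer(log_text):
        if match.group(1) not in seen:
            seen.append(match.group(1))
    return seen

def system_resolver(name):
    """Resolve name to the set of its IPv4 and IPv6 addresses (system resolver)."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_dns(domains, server_ips, resolve=system_resolver):
    """Map each domain to ('ok' | 'no-records' | 'wrong-target', stray addresses)."""
    expected = {ipaddress.ip_address(ip) for ip in server_ips}
    report = {}
    for name in domains:
        found = {ipaddress.ip_address(ip) for ip in resolve(name)}
        # One stray record is enough to fail: a leftover AAAA record can break
        # validation even when the A record is correct.
        stray = sorted(str(ip) for ip in found - expected)
        if not found:
            report[name] = ("no-records", [])
        elif stray:
            report[name] = ("wrong-target", stray)
        else:
            report[name] = ("ok", [])
    return report

if __name__ == "__main__":
    # Placeholder addresses: replace with the server's public IPv4 and IPv6.
    server = {"192.0.2.10", "2001:db8::10"}
    for name, (status, stray) in check_dns(excluded_domains(SAMPLE_LOG), server).items():
        print(name, status, *stray)
```

Run it from a machine outside the server's network, since the server's own resolver or hosts file can answer differently from public DNS.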
Thank you very much! Dear Till, is it possible to get this wildcard certificate as *.DOMEN.COM using the service "Let's Encrypt"?
No, at least not by using domain validation as used in ISPConfig. Wildcard certs are only available using DNS auth, use the forum search function if you like to know details on that. But ISPConfig automatically adds all sub and alias domains to the certificate automatically that you add in ISPConfig, which means that wildcard certs are normally not needed anyway. Just add all subdomains you want to use in ISPConfig for this website and they all get added automatically to the SSL cert. But don't forget that they must point to your server in DNS before you add them to the website!