Hi, I have just added a new site alias on ispconfig and made sure to check that the 'Don't add to Let's Encrypt certificate' checkbox is NOT checked. However no SSL cert is being generated for this new domain (as far as I can see) and so I can't access the site. certbot certificates does not list the domain and /etc/letsencrypt/renewal does not contain it... For added complication, this site is hosted within a Wordpress multisite, so the alias has to be to the master site and it gets redirected by Wordpress... I'm thinking maybe I need to regenerate the certificates to prompt it to create the new one? Any ideas?
Thanks Till. I tried to do an ispconfig_update.sh --force and got the error "Uncaught mysqli_sql_exception: Access denied for user 'root'@'localhost' (using password: YES) in /tmp/update_runner.sh.ecD52Fef7v/install/update.php:258" This is on an ispconfig migration and it is the first site I have tried to set up since migrating, but this indicates that ISPConfig is having a problem accessing mysql?
First, running ispconfig_update.sh --force is not a solution for your initial issue. You may run it, but it will likely not make a difference. So instead of doing this, please follow each step of the Let's Encrypt FAQ one by one and if you cannot figure this out by yourself, the FAQ tells you what to do and post here. Regarding the mysql issue, you likely changed the MySQL root password in your database after installing ISPConfig but missed changing it in the file /usr/local/ispconfig/server/lib/mysql_clientdb.conf. This issue is not related to the migration.
Yeah thanks I already checked that but not an issue. I have worked my way through the FAQ and still haven't got the Cert. I tried removing the site alias from ISPConfig and then adding the domain as a standalone site - no matter how many times I tried it kept unchecking the Letsencrypt and SSL checkboxes after it finished. Letsencrypt log shows that it 'exits abnormally' because of 'Missing command line flag or config entry for this setting'. The relevant letsencrypt log (with new domain as domainname.org.uk) looks like this:

    2024-05-01 11:23:02,953:DEBUG:certbot._internal.main:certbot version: 1.21.0
    2024-05-01 11:23:02,953:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/certbot
    2024-05-01 11:23:02,953:DEBUG:certbot._internal.main:Arguments: ['-n', '--text', '--agree-tos', '--cert-name', 'domainname.org.uk', '--authenticator', 'webroot', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--webroot-map', '{"domainname.org.uk":"\\/usr\\/local\\/ispconfig\\/interface\\/acme"}']
    2024-05-01 11:23:02,953:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2024-05-01 11:23:02,964:DEBUG:certbot._internal.log:Root logging level set at 30
    2024-05-01 11:23:02,965:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
    2024-05-01 11:23:02,965:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
    2024-05-01 11:23:02,965:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fe34a66d660> and installer None
    2024-05-01 11:23:02,965:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
    2024-05-01 11:23:03,318:DEBUG:certbot._internal.log:Exiting abnormally:
    2024-05-01 11:23:03,319:ERROR:certbot._internal.log:Missing command line flag or config entry for this setting:
    2024-05-01 11:23:03,820:DEBUG:certbot._internal.main:certbot version: 1.21.0
    2024-05-01 11:23:03,820:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/certbot
    2024-05-01 11:23:03,820:DEBUG:certbot._internal.main:Arguments: ['--domains', 'domainname.org.uk']
    2024-05-01 11:23:03,820:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2024-05-01 11:23:03,829:DEBUG:certbot._internal.log:Root logging level set at 30
    2024-05-01 11:23:03,883:DEBUG:certbot._internal.display.obj:Notifying user: Found the following matching certs:

If you purge certbot instead of removing it, that may happen, but you could always restore its folder (with all the certs) from your backup.
It's OK - for some reason the main site - that to which all the aliases are pointing - had become SSL/Letsencrypt unchecked. I rechecked it and now the certs are working again....
I know this issue has been left for a while but I would like to resuscitate it as I never fixed the original problem and have been attempting to do so again. The issue is that when I try to add a new 'alias domain for website' (which is how I add new websites hosted on my main Wordpress multisite), it won't generate an SSL cert for the domain I am adding. Note: this is the first new site I have added since migrating ISPConfig from previous server. I think my letsencrypt setup is in a big mess - there are several things that look wrong: I changed the hostname (accidentally to domain.co.uk from domain.com) on the new server before migrating ISPConfig and I now have 2 directories in /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory - one is a symlink to acme-v01.api and contains what I presume got migrated which contains the meta.json which has "creation_host": "domain.com" instead of domain.co.uk; the other has the correct domain.co.uk. An error message is generated when ISPConfig runs certbot: certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting: Please choose an account Choices: ['domain.com@2017-03-02T17:18:23Z (a47b)', 'domain.co.uk@2024-02-25T18:53:38Z (2440)'] 2024-12-20 13:40:09,657:ERROR:certbot._internal.log:Missing command line flag or config entry for this setting: Please choose an account Choices: ['domain.com@2017-03-02T17:18:23Z (a47b)', 'domain.co.uk@2024-02-25T18:53:38Z (2440)'] ...and then seems to continue to run. However I don't get the new domain alias on the certificate generated. Also the certificate for all the aliases for the main Wordpress multisite domain gets generated in the name of one of the alias sites - and it's not even one that is in use anymore.... Ideally each alias would have its own cert as they are in these circumstances completely unrelated, but I would settle for the main domain.co.uk to be the 'common name'...
I also notice that whenever I open the site settings for the main domain/site in ISPConfig, the 'Let's Encrypt SSL' checkbox is deselected and I have to check it again before saving or I lose certs for all its aliases (i.e. all my Wordpress multisite websites!) I'm in a complete mess here, so any help is most welcome....
PS if you are going to suggest that I run ispconfig_update.sh --force ...then see my other post https://forum.howtoforge.com/forums/installation-configuration.27/ on why that won't work either!
I won't suggest that as this cannot help with this issue. You do not have a problem with ISPConfig here. There you have the issue, you have two accounts in certbot. You must remove one of them. That's ok and as it should be. So, nothing messed up there. And this is not the double account, this is the API v1 and v2 version. You must look into the directory /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/ there are two accounts. You must keep the account that got migrated as all your website certs and renewals rely on this and delete the other account.
Hi @till - in the directory /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/ there is just one item - directory/ - inside that are the two items I prev mentioned - one is a directory the other a symlink to the older /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/a47ba.... I checked which one was being used by ISPConfig by looking at /etc/letsencrypt/renewal/<cert-name>.conf and as I suspected it was the symlink to the previous (version 1) directory, so I got the other one out of the way and got ISPConfig to regenerate certs (by switching Letsencrypt off and then back on for the main domain in ISPConfig). This time the logs showed (with tail -f /var/log/letsencrypt/letsencrypt.log -n 100) that certbot was running properly and regenerating certs for all the domains (including the new one), and everything now works fine. The 'Common Name' for all of the site aliases has also now gone back to being the main site domain, so that's also better. Many thanks for your great support as usual @till - I have been an ISPConfig user since you started and before that I used 42Go!
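
The check described in the last post (which certbot account the renewal configs actually reference, and which one is unused) can be scripted. This is an added example, not code from the thread or from ISPConfig; it assumes certbot's usual layout of accounts/<server>/directory/<id>/meta.json and an "account = <id>" line in each renewal/*.conf, and the account ids and sample tree in it are constructed.

```shell
#!/bin/sh
# Added example: map certbot ACME accounts to the renewal configs using them.
# Assumed layout: <le>/accounts/<server>/directory/<id>/meta.json and
# <le>/renewal/<cert>.conf containing an "account = <id>" line.

# Print "<id> <creation_host> <dir|symlink>" per account. $1=le dir, $2=server
list_accounts() {
    for d in "$1/accounts/$2/directory"/*/; do
        d=${d%/}
        [ -f "$d/meta.json" ] || continue
        host=$(sed -n 's/.*"creation_host": *"\([^"]*\)".*/\1/p' "$d/meta.json")
        if [ -L "$d" ]; then kind=symlink; else kind=dir; fi
        echo "$(basename "$d") ${host:-unknown} $kind"
    done
}

# Print "<count> <id>" for each account id referenced by renewal configs.
accounts_in_use() {
    sed -n 's/^account *= *//p' "$1"/renewal/*.conf 2>/dev/null |
        sort | uniq -c | awk '{print $1, $2}'
}

# Print ids of accounts that no renewal config references.
unused_accounts() {
    list_accounts "$1" "$2" | while read -r id _host _kind; do
        grep -qs "^account *= *$id\$" "$1"/renewal/*.conf || echo "$id"
    done
}

# Constructed sample tree shaped like the one in the thread (ids are made up).
demo_tree() {
    t=$(mktemp -d)
    v1="$t/accounts/acme-v01.api.letsencrypt.org/directory"
    v2="$t/accounts/acme-v02.api.letsencrypt.org/directory"
    mkdir -p "$v1/a47b0000" "$v2/24400000" "$t/renewal"
    echo '{"creation_host": "domain.com"}' > "$v1/a47b0000/meta.json"
    echo '{"creation_host": "domain.co.uk"}' > "$v2/24400000/meta.json"
    ln -s "$v1/a47b0000" "$v2/a47b0000"   # migrated v1 account linked into v2
    printf '[renewalparams]\naccount = a47b0000\n' > "$t/renewal/domain.co.uk.conf"
    echo "$t"
}

LE=$(demo_tree)
SRV=acme-v02.api.letsencrypt.org
list_accounts "$LE" "$SRV"      # both accounts, with host and dir/symlink
accounts_in_use "$LE"           # which account the existing certs rely on
unused_accounts "$LE" "$SRV"    # the account to move out of the way
rm -rf "$LE"
```

On a live server the same functions take /etc/letsencrypt as the first argument; back up the accounts directory before moving anything.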