Hey everyone,

I'm hitting a wall with automatic Let's Encrypt requests on my server. My ISPConfig's automated script keeps failing.

I create the websites entirely through the ISPConfig interface. The folder structure and the Apache VirtualHost file are generated correctly. However, when I try to enable SSL:

- I check the "SSL" box and the "Let's Encrypt SSL" box.
- Click save.
- The job queue is processed.
- The "Let's Encrypt SSL" checkbox and the "SSL" checkbox uncheck themselves and, of course, certs are not generated.

If I try to generate certs manually with acme.sh, it fails with a 404 error in the .well-known file fetch process, so I checked the generated vhost for the file and I'm afraid there is some sort of misconfiguration there that prevents the procedure from succeeding, so I changed the vhost.conf.master, inserting a snippet similar to this:

Code:

    Alias /.well-known/acme-challenge/ <tmpl_var name='web_document_root'>/.well-known/acme-challenge/
    <Directory <tmpl_var name='web_document_root'>/.well-known/acme-challenge/>
        Require all granted
    </Directory>

Then my new vhost is generated with the fix and if I run acme.sh manually again it finally works! Anyway, if I try to generate a cert using the checkbox in the ISPConfig web interface, it doesn't work.

My data:

OS: Debian 12 (Bookworm)
ISPConfig Version: 3.3.0p3
Web Server: Apache2

Can anyone help?

Please see: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/

The snippet you use shall not be in the vhost. ISPConfig uses a global acme validation directory. Please remove the snippet you added and then follow the Let's Encrypt error FAQ to find out why no cert was issued. And, very importantly, do not manually issue any certificates for ISPConfig websites, it will break your config. You will likely have to delete that site and recreate it to get back to a configuration that can be managed by ISPConfig.

This can't work anymore after you manually generated the cert and altered the vhost in the way you did. This site is not manageable with ISPConfig anymore. Please undo it and follow the Let's Encrypt FAQ instead to find out why you did not get a cert. E.g. your system might be behind a NAT router and you missed disabling the Let's Encrypt check.
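
The 404 on the challenge fetch described in the first post can be reproduced without running acme.sh or issuing any certificate. The following is an added example, not code from the thread or from ISPConfig; `probe_acme_challenge` and its arguments are hypothetical names, and the challenge directory is supplied by the caller because its path is not given on this page.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request


def probe_acme_challenge(base_url, challenge_dir, timeout=5):
    """Write a random token file into challenge_dir and fetch it over HTTP.

    base_url      -- e.g. "http://example.com", the site as the CA reaches it
    challenge_dir -- directory the web server is expected to map to
                     /.well-known/acme-challenge/ (assumption: supplied by
                     the caller, not a path taken from the thread)
    Returns (ok, detail).
    """
    token = "probe-" + secrets.token_hex(8)
    body = secrets.token_hex(16)
    path = os.path.join(challenge_dir, token)
    with open(path, "w") as fh:
        fh.write(body)
    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + token
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
            if served == body:
                return True, "HTTP %d, content matches" % resp.status
            # A 200 with other content means a different vhost, a rewrite
            # rule or a proxy answered instead of the mapped directory.
            return False, "HTTP %d, but content differs" % resp.status
    except urllib.error.HTTPError as exc:
        # The failure mode from the thread: the path is not mapped (404),
        # or access is denied (403).
        return False, "HTTP %d for %s" % (exc.code, url)
    except OSError as exc:
        # DNS failure, connection refused, timeout (e.g. NAT without
        # port forwarding).
        return False, "request failed: %s" % exc
    finally:
        # Never leave probe files behind in the validation directory.
        os.remove(path)


if __name__ == "__main__" and len(sys.argv) == 3:
    ok, detail = probe_acme_challenge(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

Run from the server itself, this only tests the local path mapping; running it from a host outside the network also exercises DNS and any NAT in front of the server.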