ACME

Discussion in 'Installation/Configuration' started by Stefan Schumacher, Aug 11, 2021.

Tags:
Page 2 of 2
  1. Stefan Schumacher

    Stefan Schumacher Member

    Nope. I know the Limits of Let's Encrypt regarding certificates per hour and I am very careful not to overstep them. Also, it produces a different error message would that have been the case.
     
    Stefan Schumacher, Aug 18, 2021
    #21
  2. Stefan Schumacher

    Stefan Schumacher Member

    Hi Taleman, this is a standard redirection one of my colleagues probably needed for some long dead project.
    I'll talk to my colleague and ask him if anything breaks if I delete it. But I am sure I did not ask for www, I dont need one for a dedicated mailserver.
    hostname mail1
    hostname -f mail1.consulting1x1.info

    Yours sincerely
    Stefan
     
    Stefan Schumacher, Aug 18, 2021
    #22
  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    ahrasis, Aug 19, 2021
    #23
  4. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    That does work, I have been following in Chiefs foot steps with regard to his issue.

    Installer fails LE cert > self signed created > force update using nightly build > yes to new cert.

    My concern, and I have raised an issue for it. If the updater can create the cert then the installer must be doing something slightly differently to get a fail. What I do not know, but the problem is reproducible.
     
    Chris_UK, Aug 19, 2021
    #24
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Good to know. The developers know what they did to fix the updater may be they missed similar code in the installer.

    Was just merely guessing as it could be other problems or issues related. ;)
     
    Last edited: Aug 19, 2021
    ahrasis, Aug 19, 2021
    #25
  6. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    I am not sure how but it seems that acme.sh is not configured correctly in the installer, but for the updater it is.

    I have the new acme.sh log and have created an issue, I will add it to it.
     
    Chris_UK, Aug 19, 2021
    #26
  7. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Did you find anything useful in the logs e.g. apache2 cannot be started, as I don't recall any report on nginx server for the same was ever raised.

    May be you can try on nginx server to see if there is any difference, that is if you have a spare server to do the test?
     
    ahrasis, Aug 19, 2021
    #27
  8. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    Here is the issue I submitted. https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6216 I attached the log file t a reply to it.

    I will run an install using Nginx this evening. The good thing about local VM's They cost nothing to set up, just a little time. I had not considered testing Nginx but I will be happy to.
     
    Chris_UK, Aug 19, 2021
    #28
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    till, Aug 19, 2021
    #29
    ahrasis and Chris_UK like this.
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so here is the final solution to the issue. It was not a problem with the reload, the source of the problem and the reason why it popped up out of the blue without having released a new ISPConfig update that might have introduced a new a bug is this:

    "Starting from August-1st 2021 , acme.sh will release v3. 0, in which the default CA will use ZeroSSL instead."

    Zerossl requires a registration upfront, while LE does not require that. ISPConfig changes the acme.sh default CA to LE already when it downloads acme.sh itself and it also changes it at the end of the installation process. But in the case of using the auto-installer, the auto-installer has already downloaded acme.sh, but it has not switched it from ZeroSSL to LE. In this edge case, ISPConfig does not run its own routine to switch to LE before it tries to issue the cert, but issuing the cert fails now due to the missing ZeroSSL registration. At the end of the installation, the acme.sh config switches to LE, that's why it finally works on a new update.

    To use the branch which contains this fix, add the option:

    --channel=dev

    to the autoinstaller command. Example:

    Code:
    wget -O - https://get.ispconfig.org | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades --channel=dev
     
    till, Aug 19, 2021
    #30
    Chris_UK, Taleman, Jesse Norell and 1 other person like this.
  11. concept21

    concept21 Active Member

    How do I update an ISPConfig 3.2.5 with a failed acme.sh? :(
     
    concept21, Aug 29, 2021
    #31
  12. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Use nightly.
     
    ahrasis, Aug 29, 2021
    #32
    Chris_UK likes this.
  13. concept21

    concept21 Active Member

    How do I do that? :rolleyes:
     
    concept21, Aug 29, 2021
    #33
  14. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    ahrasis, Aug 29, 2021
    #34
    Chris_UK likes this.
  15. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    I have updated my answer on that thread too including the update part. Hopefully with it being in a few locations on the thread and now prominently highlighted people should see the two fix paths to take.
     
    Chris_UK, Aug 30, 2021
    #35
Page 2 of 2

Share This Page