Apache SSL config block is not created using LE

Discussion in 'Installation/Configuration' started by Morten Linder, May 5, 2021.

  1. Morten Linder

    Morten Linder New Member

    I installed an ISPconfig server on Debian 10 as I have done many times.
    acme.sh is installed and everything works. There are no errors when running with debug logging on.

    However - when I check SSL and letsencrypt on the website the ssl certificate is issued, and placed in /root/.acme.sh/ etc.

    and according to the debug log, the apache config is written, but the SSL part is not. Only the part for port 80 is created.

    Any hint would be gladly appreciated as this is really annoying, and makes no sense at all.

    /Morten
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    It is unclear to me what is not working.
    Do you mean your setup does not have certificate when you connect to the ISPConfig panel? That should work if you force reconfigure services and let it create a certificate, and use the same certificate for all services.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the debug output from server.sh script after enabling SSL and LE in that website. And do you have any custom configuration in the apache directives field on the options tab of that site?
     
  4. Morten Linder

    Morten Linder New Member

    LE certificate for ISPconfig itself was issued and working just fine.

    If I create a website "website.com", and enable SSL and Let's Encrypt, the certificate is issued, but the apache configuration in /etc/apache2/sites-available/website.com.conf is NOT updated with a listener for port 443 or SSL certificates.
     
  5. Morten Linder

    Morten Linder New Member

    There is no custom configuration at all.

    Code:
    05.05.2021-06:05 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    05.05.2021-06:05 - DEBUG - Found 1 changes, starting update process.
    05.05.2021-06:05 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    05.05.2021-06:05 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    05.05.2021-06:05 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web3' - return code: 0
    05.05.2021-06:05 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web3' - return code: 0
    05.05.2021-06:05 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web3'|awk 'END{print $2,$NF}' - return code: 0
    05.05.2021-06:05 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
    05.05.2021-06:05 - DEBUG - safe_exec cmd: setquota -u 'web3' '0' '0' 0 0 -a &> /dev/null - return code: 0
    setquota: Not setting block grace time on /dev/xvda3 because softlimit is not exceeded.
    setquota: Not setting inode grace time on /dev/xvda3 because softlimit is not exceeded.
    05.05.2021-06:05 - DEBUG - safe_exec cmd: setquota -T -u 'web3' 604800 604800 -a &> /dev/null - return code: 0
    05.05.2021-06:05 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web3' - return code: 0
    05.05.2021-06:05 - DEBUG - Verified domain rolli.com should be reachable for letsencrypt.
    05.05.2021-06:05 - DEBUG - Verified domain www.rolli.com should be reachable for letsencrypt.
    05.05.2021-06:05 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    05.05.2021-06:05 - DEBUG - Create Let's Encrypt SSL Cert for: rolli.com
    05.05.2021-06:05 - DEBUG - Let's Encrypt SSL Cert domains:
    05.05.2021-06:05 - DEBUG - exec: R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue  -d rolli.com -d www.rolli.com -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then /root/.acme.sh/acme.sh --install-cert  -d rolli.com -d www.rolli.com --key-file '/var/www/clients/client1/web3/ssl/rolli.com-le.key' --fullchain-file '/var/www/clients/client1/web3/ssl/rolli.com-le.crt' --reloadcmd 'systemctl force-reload apache2.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C  ; fi
    sh: 1: [[: not found
    sh: 1: 2: not found
    sh: 1: [[: not found
    05.05.2021-06:05 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    05.05.2021-06:05 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/rolli.com.vhost
    05.05.2021-06:05 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    05.05.2021-06:05 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.3/fpm/pool.d/web3.conf
    05.05.2021-06:05 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
    05.05.2021-06:05 - DEBUG - Restarting php-fpm: systemctl reload php7.3-fpm.service
    05.05.2021-06:05 - DEBUG - Apache status is: running
    05.05.2021-06:05 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    05.05.2021-06:05 - DEBUG - Restarting httpd: systemctl restart apache2.service
    05.05.2021-06:05 - DEBUG - Apache restart return value is: 0
    05.05.2021-06:05 - DEBUG - Apache online status after restart is: running
    05.05.2021-06:05 - DEBUG - Processed datalog_id 85
    05.05.2021-06:05 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You replaced bash with a noncompatible shell on your server, this causes acme.sh to fail. Run:

    dpkg-reconfigure dash

    and choose 'no' in the dialog that is shown.
     
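Added example, not part of the original thread and not ISPConfig code: a POSIX sh check for the failure diagnosed above. It tests whether a shell accepts the `[[ ... ]]` construct used in the logged acme.sh command line, and scans a debug log for the `[[: not found` error that follows the acme.sh exec line. The function names and the sample log (modelled on the log in this thread, with `example.com`) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Written in POSIX sh so it also runs when /bin/sh is dash.

# Return 0 if shell "$1" accepts the bash-only [[ ... ]] test, non-zero otherwise.
# The expression is a constructed stand-in for the one in the logged command.
shell_supports_double_bracket() {
    "$1" -c '[[ 0 -eq 0 || 0 -eq 2 ]]' >/dev/null 2>&1
}

# Read an ISPConfig debug log on stdin. Print "broken" if an acme.sh exec
# line is directly followed by the "[[: not found" shell error, else "ok".
classify_le_log() {
    awk '
        /DEBUG - exec: .*acme\.sh --issue/ { in_acme = 1; next }
        in_acme && /^[ \t]*sh: [0-9]+: \[\[: not found/ { bad = 1 }
        / - DEBUG - / { in_acme = 0 }
        END { print (bad ? "broken" : "ok") }
    '
}

# Constructed sample log, shortened from the format shown in this thread.
sample_log() {
    cat <<'EOF'
05.05.2021-06:05 - DEBUG - exec: R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue -d example.com -w /usr/local/ispconfig/interface/acme; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then true ; fi
sh: 1: [[: not found
sh: 1: 2: not found
05.05.2021-06:05 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/example.com.vhost
EOF
}

printf 'sample log: %s\n' "$(sample_log | classify_le_log)"
printf '/bin/sh resolves to: %s\n' "$(readlink -f /bin/sh 2>/dev/null)"
if shell_supports_double_bracket /bin/sh; then
    echo '/bin/sh accepts [[ ... ]]'
else
    echo '/bin/sh rejects [[ ... ]]; see the dpkg-reconfigure dash advice above'
fi
```

To check a real server, pipe the saved debug output into `classify_le_log` instead of `sample_log`.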
  7. Morten Linder

    Morten Linder New Member

    Till - you are my hero :)
    Thanks a lot. It has never been an issue before, but glad it was that simple.
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  9. till

    till Super Moderator Staff Member ISPConfig Developer

    The old guides also have instructions for that, I've copied the above command from Debian 10 perfect server guide, chapter 6. But using the new auto installer is easier anyway :)
     
