Thank you for your responsiveness I think I no longer have the problem when I activate the HTTPS mode for the site1.ac-amiens.fr a2ensite site1.ac-amiens.fr.vhost-le-ssl.conf with a redirection from HTTP to HTTPS I have other sites using HTTP and HTTPS, all the files are in / etc / apache2 / sites-enabled /: Example: 100-site1.ac-amiens.fr.vhost and sites1.ac-amiens.fr.vhost-le-ssl.conf ##### HTTP: In the vhost 100-site1.ac-amiens.fr.vhost: <VirtualHost *: 80> And HTTPS sites1.ac-amiens.fr.vhost-le-ssl.conf: <VirtualHost 192.168.236.50:443> ###### How to enable HTTPS and generate the configuration file? Should you systematically generate a certificate for a new site and switch to HTTPS with a redirection? In my case I use cerbot it generates me the SSL file in sites-enabled / certbot-auto --no-redirect --webroot-path / var / www / clients / client8 / web81 / web --domain site1.ac-amiens.fr --email xxxxx sites1.ac-amiens.fr.vhost-le-ssl.conf ########### <IfModule mod_ssl.c> <VirtualHost 192.168.236.50:443> - - - SSLCertificateFile /etc/letsencrypt/live/site1.ac-amiens.fr/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/site1.ac-amiens.fr/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost> </IfModule> </VirtualHost> </IfModule> ######## Cordially El Musul
I moved your comment to a new thread. Please open a separate thread in the future instead of hijacking others. If you enable Let's Encrypt a cert will be issued and SSL will be enabled.
thank you for your advice, actually when generating the certificate the SSL is well activated automatically. When creating a space, do you have to systematically generate a certificate? Can we create an HTTP space? Crémos
Creation of a web domain without activating SSL in HTTP mode. When I don't enable SSL on a Web Domain, Apache isn't serving the correct vhost I am in Ispconfig 3.1.15p2 Crémos
At least on ISPConfig 3.1 a website can be created in http mode. Just do not tick the SSL and LE boxes. Are you using ISPConfig 3.2 and there website always has certificate?
It is not serving the correct site when visiting over https, because you didn't enable https (SSL). If you want just a error, enable SSL and generate a self signed cert
it does not serve the right site for the visit in HTTP without activation of the SSL and that for all the Web domains which I create. Crémos
It seems like you mixed using * and the actual IP as IP address. This can result in mixed content. So either use * or the IP for all webs.
it's also possible that he's configuring everything ok in ispconfig. the popular browsers now tend to assume that every site is https, so if you just type in the domain name in the url bar it will attempt to open the site using https by default, you may have to type the domain name including the protocol prefix, ie, http://www.domainname.tld to visit a site without a certificate. also, reading back through the first posts, you're creating the certificates using certbot outside of ispconfig, and that's generating the ssl vhost conf in a separate file. this will break ispconfig. if these are sites you're creating are from within ispconfig, you should remove all the vhost conf files with le-ssl in the file name, (may also need to delete those certs/symlinks) and enable the certs using the letsencrypt checkbox in the ispconfig interface. the ispconfig system will then generate the HTTPS part of the vhost configuration in the same file that holds the HTTP configuration. once the site has working https configuration in ispconfig, you'll have the option to force http to https redirection with another checkbox that will become visible in the interface.
Hello ! Indeed all the sites hosted some are in HTTPS and others not. In the vhost file what should I put? <VirtualHost IP: 443> or <VirtualHost *: 443> In the 100-site1.domain.fr.vhost file we have <VirtualHost :80> Al Musul Crémos
You should never alter the file manually, because ISPConfig will overwrite your changes or it breaks your setup. You have to change it in the panel.
you shouldn't be putting anything in the vhost file, if you create the sites in ispconfig, and enable letsencrypt certificates on that site from within ispconfig, then everything you need in the vhost configuration file will be put there by ispconfig. if you're changing vhost configurations yourself, or using some other script/application like certbot to create certificates, and create ssl vhost config files, then that entire site should be done completely outside of ispconfig. mixing ispconfig sites and manual edits/interventions is going to cause problems.
Thanks for your return! This seems clear. I'll follow your recommendations. Regarding the certificates: once configured and installed via Ispconfig, how are they renewed? Is it automatical? (knowing that a letsencrypt certificate only lasts 3 months) Thank you for clarifying.
In the management of the web domain in ispconfig, I check SSL and Let's Encrypt but this does not change the configuration of the file vhost HTTP: <IfModule mod_ssl.c> </IfModule> who I come back in the management interface of Ispconfig under the web domain section the boxes (SSL and Let's Encrypt ) are unchecked. I think it comes from checking the certificate. Message: 18.11.2020-19:48 - WARNING - Let's Encrypt SSL Cert for: marie-curie.lyc.ac-amiens.fr could not be issued. Al Musul Crémos
Go through the Let's Encrypt error FAQ: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
Just to note, in ISPConfig 3.2, it should be possible to view LE logs from its GUI panel which should ease your trouble of accessing and viewing them via CLI.
Hello! I followed the link and check the option option "Skip Letsencrypt check" under System > Server config > web > SSL Settings. In the web configuration no options are checked (empty). When I check on Enable SNI and Enable SNI I get an error after recording. weird, I have no option in the web server part (empty). Erreur : Website basedir is empty. Invalid website basedir or path too short, min. length 5 chars. Website path is empty. website_path_error_regex Website symlinks is empty. Invalid website symlinks. Vhost config dir is empty. Invalid vhost config directory. Vhost config enabled dir is empty. Invalid vhost conf enabled directory. Nginx Vhost config dir is empty. Invalid nginx config directory. Nginx Vhost config enabled dir is empty. Invalid nginx conf enabled directory. Apache user is empty. Invalid apache user. Apache group is empty. Invalid apache group. Nginx user is empty. Invalid nginx user. Nginx group is empty. Invalid nginx group. Apache php.ini path is empty. Invalid apache php.ini path. CGI php.ini path is empty. Invalid cgi php.ini path. Description Default PHP-Version must not be empty PHP-FPM init script is empty. ect ..... Crémos
