apache2 fails to start after following Securing ISPConfig 3.1

Discussion in 'Installation/Configuration' started by scorpious, Apr 30, 2018.

  1. scorpious

    scorpious Member

    Hi All

    Have installed Debian Jessie debian-8.10.0-amd64

    Followed The Perfect Server - Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
    It was working fine, created a user and then created a site for ispconfig

    I then followed Securing ISPConfig 3.1 With a Free Let's Encrypt SSL Certificate

    However, I have run into problems

    root@server1:cd /usr/local/ispconfig/interface/ssl/
    root@server1:/usr/local/ispconfig/interface/ssl# mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
    root@server1:/usr/local/ispconfig/interface/ssl# mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
    root@server1:/usr/local/ispconfig/interface/ssl# mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
    root@server1:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
    root@server1:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key
    root@server1:/usr/local/ispconfig/interface/ssl# cat ispserver.{key,crt} > ispserver.pem
    cat: ispserver.key: No such file or directory
    cat: ispserver.crt: No such file or directory

    In the cd /usr/local/ispconfig/interface/ssl/ I have these files:
    root@server1:/usr/local/ispconfig/interface/ssl# ls
    empty.dir ispserver.key-180430085449.bak
    ispserver.crt ispserver.key-180430090612.bak
    ispserver.crt-180430085440.bak ispserver.key.secure
    ispserver.crt-180430090603.bak ispserver.pem
    ispserver.csr ispserver.pem-180430090623.bak
    ispserver.key


    root@server1:/home/user# service apache2 restart
    Job for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details.

    I am unable to view the new website nor can I use ISPconfig Control Panel.
    Where have I gone wrong or what do I need to do to get this working.
    Cheers
    Scorp
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    You need to make sure that step 5 (Securing ISPConfig Website With Let's Encrypt SSL) is completed without error and LE SSL certs are issued for your ISPConfig website before you proceed further manually or automatically via using LE4ISPC script.
     
  3. scorpious

    scorpious Member

    Hi Ahrasis
    Step 5 was done and tested with the site using Let's Encrypt SSL, I had the green lock, but not the ISPConfig 8080
    That's when I followed the Securing ISPConfig 3.1 With a Free Let's Encrypt SSL Certificate, however I am unable to start apache2 or even get into ispconfig 3 now.

    Is there a way to get it back, to start again.

    Cheers
    Scorp
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Check apache logs to see why apache2 fails to start.
    Use
    Code:
    apachectl -S
    to see maybe errors in config files.
     
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    If step 5 is completed successfully, then you will need to check whether your server hostname is the same name as your ISPConfig website or not, because if it is not, step 6 won't work either. The output of hostname -f (in the manual or the LE4ISPC script) must be the same as your ISPConfig website. You will need to modify the manual or the LE4ISPC script before you run them if they are different.
     
  6. scorpious

    scorpious Member

    Hi All
    Thanks for your replies.
    apachectl -S shows errors
    root@server1:/home/scorp# apachectl -S
    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73
    AH00526: Syntax error on line 63 of /etc/apache2/sites-enabled/000-ispconfig.vhost:
    SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty
    Action '-S' failed.
    The Apache error log may have more information.
    So I commented out each line just to see the next error
    # SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    # SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    # SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
    Once each line is commented out I then run:
    service apache2 restart then run apachectl -S
    no errors are reported, but still unable to view the websites.
    Hostnames are the same.
    Cheers
    Scorp
     
  7. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I think the reason apache did not restart is that the symlink from letsencrypt ssl to ispconfig ssl failed. Although you said otherwise, I think the symlink failure is most probably because no letsencrypt ssl certs were actually created in step 5.

    Please provide the output of this to confirm:
    ls -la /etc/letsencrypt/live/$(hostname -f)/
    ls -la /usr/local/ispconfig/interface/ssl/
     
  8. scorpious

    scorpious Member

    Hi Ahrasis
    root@server1:/home/user# ls -la /etc/letsencrypt/live/dnssupreme.co.uk/
    total 12
    drwxr-xr-x 2 root root 4096 Apr 30 08:53 .
    drwx------ 3 root root 4096 Apr 30 08:53 ..
    lrwxrwxrwx 1 root root 40 Apr 30 08:53 cert.pem -> ../../archive/dnssupreme.co.uk/cert1.pem
    lrwxrwxrwx 1 root root 41 Apr 30 08:53 chain.pem -> ../../archive/dnssupreme.co.uk/chain1.pem
    lrwxrwxrwx 1 root root 45 Apr 30 08:53 fullchain.pem -> ../../archive/dnssupreme.co.uk/fullchain1.pem
    lrwxrwxrwx 1 root root 43 Apr 30 08:53 privkey.pem -> ../../archive/dnssupreme.co.uk/privkey1.pem
    -rw-r--r-- 1 root root 543 Apr 30 08:53 README

    root@server1:/home/user# ls -la /usr/local/ispconfig/interface/ssl/
    total 36
    drwxr-s--- 2 root root 4096 Apr 30 09:06 .
    drwxr-s--- 9 ispconfig ispconfig 4096 Apr 30 08:28 ..
    -rwxr-x--- 1 root root 45 Apr 30 08:28 empty.dir
    lrwxrwxrwx 1 root root 60 Apr 30 09:06 ispserver.crt -> /etc/letsencrypt/live/server1.dnssupreme.co.uk/fullchain.pem
    -rwxr-x--- 1 root root 2057 Apr 30 08:28 ispserver.crt-180430085440.bak
    lrwxrwxrwx 1 root root 60 Apr 30 08:55 ispserver.crt-180430090603.bak -> /etc/letsencrypt/live/server1.dnssupreme.co.uk/fullchain.pem
    -rwxr-x--- 1 root root 1720 Apr 30 08:28 ispserver.csr
    lrwxrwxrwx 1 root root 58 Apr 30 09:06 ispserver.key -> /etc/letsencrypt/live/server1.dnssupreme.co.uk/privkey.pem
    -rwxr-x--- 1 root root 3243 Apr 30 08:28 ispserver.key-180430085449.bak
    lrwxrwxrwx 1 root root 58 Apr 30 08:55 ispserver.key-180430090612.bak -> /etc/letsencrypt/live/server1.dnssupreme.co.uk/privkey.pem
    -rwxr-x--- 1 root root 3311 Apr 30 08:28 ispserver.key.secure
    -rw------- 1 root root 0 Apr 30 12:49 ispserver.pem
    -rw------- 1 root root 0 Apr 30 08:55 ispserver.pem-180430090623.bak
    root@server1:/home/user#
    Cheers Scorp
     
  9. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    The one you referred to is the LE SSL certs for the top domain (dnssupreme.co.uk), not the server (server1.dnssupreme.co.uk); that is why you failed.

    The website you should create and get LE SSL certs for it is server1.dnssupreme.co.uk. Once this is done i.e. you can properly access https://server1.dnssupreme.co.uk, you may proceed with step 6 and further, manually or automatically using LE4ISPC script.
     
  10. scorpious

    scorpious Member

    Hi Ahrasis

    Thanks for your advice and help
    I now have the server working with https, this is what I did.
    uninstalled ISPConfig, then re-installed it
    Created a site with the hostname -f, checked site was working, then went back and checked the ssl
    waited a bit and then checked site was on https:
    then I followed the ISPConfig 3.1 With a Free Let's Encrypt SSL Certificate
    and all is working.
    I was not using the full hostname -f at first

    Thanks :)
    Scorp
     
  11. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Actually you don't have to uninstall ISPConfig as you can also access the control panel via ip-address:8080 locally or publicly with some minor warning. You can also restore the old self signed ssl certs by reversing step 6 i.e. moving the files back to their original name.

    Anyway, glad that you managed to get it working.
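
Added example, not part of the thread or of the tutorial it follows: a shell pre-flight check for the failure diagnosed above, where the symlinks pointed into a /etc/letsencrypt/live/ directory that did not exist for the output of hostname -f, leaving dangling links and a zero-byte ispserver.pem. The function name check_le_links and its messages are made up for this example; the paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: check the certificate files before restarting apache2.
# Paths are parameters so the check can be tried on a scratch directory.

# Prints one line per problem; returns 0 only if nothing is wrong.
check_le_links() {
    ssl_dir=$1      # e.g. /usr/local/ispconfig/interface/ssl
    live_dir=$2     # e.g. /etc/letsencrypt/live/$(hostname -f)
    problems=0

    # The certificate must have been issued for this exact name.
    if [ ! -d "$live_dir" ]; then
        echo "MISSING  $live_dir (no certificate issued for this name)"
        problems=$((problems + 1))
    else
        # -s follows symlinks; false for missing and zero-length files.
        for f in fullchain.pem privkey.pem; do
            if [ ! -s "$live_dir/$f" ]; then
                echo "EMPTY    $live_dir/$f"
                problems=$((problems + 1))
            fi
        done
    fi

    # Files Apache reads. A dangling symlink is -L but not -e; Apache
    # reports it as "does not exist or is empty".
    for f in ispserver.crt ispserver.key ispserver.pem; do
        p=$ssl_dir/$f
        if [ -L "$p" ] && [ ! -e "$p" ]; then
            echo "DANGLING $p -> $(readlink "$p")"
            problems=$((problems + 1))
        elif [ ! -s "$p" ]; then
            echo "EMPTY    $p (missing or zero bytes)"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}

# Usage on the server, as root (the live/ parent directory is mode 0700):
#   check_le_links /usr/local/ispconfig/interface/ssl \
#       "/etc/letsencrypt/live/$(hostname -f)" || echo "fix before restarting apache2"
```

Run it after the ln -s and cat steps and before service apache2 restart; any output means the restart would fail the same way as in the first post.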
     
