Hi Guys, i installed SSL for ISPConfig according to this thread: https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ when i try to restart apache : service apache2 restart i get the following error: Code: root@server2:/etc/ssl/private# service apache2 restart Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details. then i try apache2ctl configtest and get the following error: Code: root@server2:/etc/apache2# apache2ctl configtest AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73 AH00526: Syntax error on line 63 of /etc/apache2/sites-enabled/000-ispconfig.vhost: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty Action 'configtest' failed. The Apache error log may have more information. root@server2:/etc/apache2# Did i do something wrong during the configuration of SSL for ispconfig? maybe someone can help me... thanks a lot
Probably yes, as apache complains that the sell cert does not exist. Please post the result of: ls -la /usr/local/ispconfig/interface/ssl/
Hi, thanks for your fast reply. here is the result: Code: root@server2:~# ls -la /usr/local/ispconfig/interface/ssl/ total 28 drwxr-x--- 2 root root 4096 Apr 10 15:09 . drwxr-x--- 9 ispconfig ispconfig 4096 Nov 5 19:17 .. -rwxr-x--- 1 root root 45 Apr 10 15:06 empty.dir lrwxrwxrwx 1 root root 52 Apr 10 15:09 ispserver.crt -> /etc/letsencrypt/live/server2.cl-i.net/fullchain.pem -rwxr-x--- 1 root root 2228 Apr 10 15:06 ispserver.crt-200410150845.bak -rwxr-x--- 1 root root 1797 Apr 10 15:06 ispserver.csr lrwxrwxrwx 1 root root 50 Apr 10 15:09 ispserver.key -> /etc/letsencrypt/live/server2.cl-i.net/privkey.pem -rwxr-x--- 1 root root 3243 Apr 10 15:06 ispserver.key-200410150854.bak -rwxr-x--- 1 root root 3311 Apr 10 15:04 ispserver.key.secure -rw------- 1 root root 0 Apr 10 15:09 ispserver.pem root@server2:~#
That's ok so far. So my guess is that LE was not able to issue a cert then. Check that with: ls -la /etc/letsencrypt/live/server2.cl-i.net/
thanks for your answer... here is the result: Code: root@server2:~# ls -la /etc/letsencrypt/live/server2.cl-i.net/ ls: cannot access '/etc/letsencrypt/live/server2.cl-i.net/': No such file or directory root@server2:~#
Ok, this means that there is no Let's encrypt certificate and that's why the system fails now. The domain server2.cl-i.net is already pointing to the server and you created a website for this domain and enabled SSL and let's encrypt for that website as described in the tutorial?
Hi, thanks for your answer. The domain is pointed to the server, i access with ssh [email protected]-i.net I think i not created a website for this domain and i think i not enabled SSL and lets encrypt but now i have the problem that i dont have access to server2.cl-i.net:8080 because apache is not working... so how can i proceed? thanks for your kind help Update: I think about to install the server completely new because i not have any website there yet. For to be sure that this does not happen with other servers, can you please give me an advise about what to care when i do this SSL prodedure... thanks a lot..
There is no need to reinstall it, do this instead: cd /usr/local/ispconfig/interface/ssl/ rm -f ispserver.crt cp ispserver.crt-200410150845.bak ispserver.crt rm -f ispserver.key cp ispserver.key-200410150845.bak ispserver.key Then restaet apache, create the website for the hostname with SSL and LE enabled, wait a few minutes, check that LE has really be enabled and then run these commands again: cd /usr/local/ispconfig/interface/ssl/ mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key cat ispserver.{key,crt} > ispserver.pem chmod 600 ispserver.pem You missed the step from LE guide where it says that you have to create a website for the hostname with LE enabled. Without that, you don't have a SSL cert and without SSL cert, apache will not work. The guide also mentions an alternative which might be easier to use: https://github.com/ahrasis/LE4ISPC
Hi, thank you very much for your detailed answer. I just made the first steps and then created the domain server2.cl-i.net with SSL and LE enabled. Do i need to go to SSL and create a SSL certificate like for the other domains or do i run then the commands that you told me: cd /usr/local/ispconfig/interface/ssl/ etc.... thanks for your great help like always
Hi there, thanks for your help everything is working now. I missed the part to create a website for the hostname, that was the error and i am really happy its working now. Now i will try that with the other servers as well. Thanks a lot for your patience and for explaining it so detailed. Have a nice week regards Tom